Compliance Perspectives: The End of the Privacy Shield
Nota Bene Episode 89: European Q3 Check In - Merger Clearance and Data Protection Court Rulings and Brexit Updates with Oliver Heinisch
The Court of Justice of the European Union (CJEU) published the Advocate General's Opinion on whether the GDPR would restrict the sale of a database by court enforcement officers to satisfy creditor claims without the consent...more
In this Essential Guide, which is part of Orrick’s Cybersecurity & Privacy Compass Series, we will provide insight into the potential fines that companies may face for violating the General Data Protection Regulation...more
On July 10, 2023, the European Commission (EC) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF, or “Privacy Framework”), which establishes the Privacy Framework as an authorized mechanism...more
Swiftly on the heels of the U.S. announcing it fulfilled its commitments for implementing the EU-U.S. Data Privacy Framework (the Framework), the European Commission (the EC) formally recognized that commercial organizations...more
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
Der Europäische Gerichtshof (EuGH) wird bald darüber entscheiden, ob europäische Datenschutzbehörden künftig leichter Bußgelder nach Art. 83 DSGVO gegen Unternehmen verhängen können. Diese Entscheidung kann großen Einfluss...more
The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...more
In a recent judgment, the Court of Justice of the European Union (the CJEU) has confirmed that Data Protection Officers (DPOs) can maintain other tasks and duties within their role, provided they do not result in a conflict...more
On January 12, 2023, the Court of Justice of the European Union (CJEU) ruled that the data subject’s right of access to personal data requires controllers to provide the data subject with the identity of the companies that...more
Earlier this month the Court of Justice of the European Union (“CJEU”) issued a decision adopting a surprisingly broad interpretation of the “special categories of personal data” under GDPR. Under GDPR Article 9, such data...more
On December 2, 2020, the European Commission and the European Union (“EU”) foreign affairs service issued a joint statement with goals for the EU’s relationship with the United States. The statement highlighted areas of...more
On November 11, 2020, the European Data Protection Board (“EDPB”) released two documents as a follow-up to the Court of Justice of the European Union’s (“CJEU”) notable July 2020 decision, known as Schrems II. These documents...more
Keypoint: The EDPB’s much-anticipated recommendations will help companies identify the supplementary measures they need to put into place to comply with the CJEU’s Schrems II decision. Today, the European Data Protection...more
It’s been well written that in Case C-311/18, Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (Schrems II), the Court of Justice of the European Union (CJEU) struck down the Privacy Shield, a...more
Will the EU finally deny the right to transfer any personal data from its shores to the United States? Its privacy decisions have been inching closer to this determination for years, and an Irish case against Facebook may tip...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
Der Bundesgerichtshof (BGH) hat dem Europäischen Gerichtshof (EuGH) die Frage zur Entscheidung vorgelegt, inwieweit Verbraucherschutzverbände berechtigt sind, Datenschutzverstöße geltend zu machen. Die Antwort auf diese Frage...more
Under the ePrivacy Directive, in conjunction with the GDPR, the use of nonessential cookies (e.g., advertising and analytics) requires an affirmative, opt-in consent. Pre-ticked check boxes and other defaults that do not...more
On 24 September 2019, the European Union’s top court issued a landmark ruling declaring that Google does not have to extend the “right to be forgotten” rules to its search engines globally.1 This decision provides important...more
Why does this topic matter to organisations? Under the Directive, organisations were obliged to deal with a separate DPA for each Member State whose laws apply to them. This meant that businesses faced a range of...more
Urgent Data Protection Measures for GDPR Enforceability - New Order or Decree - The Spanish government has fast-tracked the approval of measures aimed at adjusting Spanish legislation to the new General Data Protection...more
The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court. The Irish High Court has “well-founded” concerns that there is no...more
The Irish High Court recently asked the Court of Justice of the European Union (CJEU) to rule on the validity of “standard contractual clauses” as a basis for transferring personal data out of the European Economic Area...more