The implementation of the European Union (EU)’s General Data Protection Regulation (GDPR) has raised a number of questions as to how best to approach cross-border discovery. Friction between legal holds and the “right of...more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to...more
The European Union’s General Data Protection Regulation (“GDPR”) is arguably the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018,...more
Features - Updates on the EU - Privacy & Data Security Team Launches GDPR Tracker Website. The Alston & Bird Privacy & Data Security Team recently launched the General Data Protection Regulation (GDPR) Tracker website,...more
The Article 29 Working Party group (WP29) of European data protection authorities recently announced that they will legally challenge the adequacy of the Privacy Shield Framework unless the U.S. government addresses certain...more
The EU and U.S. competent authorities have one year to implement the recommendations that the Article 29 Working Party (WP29, which is a gathering of all EU national data protection authorities) made in its opinion of...more
The Article 29 Working Party (WP29) recently issued guidelines regarding data controllers' notification obligations following security breaches involving the personal data of EU citizens....more
Global companies face stricter rules on employee data privacy, in particular when using social media and internal monitoring tools. It also now becomes clearer that many EU Member States will use the opening clause of Art. 88...more
The EU General Data Protection Regulation’s (GDPR) requirements are coming into focus quickly as EU data protection authorities continue to issue guidance on different aspects of the law. On April 4, 2017, the Article 29...more
Spanish Ministry of Justice Launches Public Consultation on GDPR. On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before drafting a new bill implementing the General...more
Last week, the French Data Protection Authority (“CNIL”) launched the second round of a public consultation on the General Data Protection Regulation (“GDPR”). The first public consultation was launched in June 2016 and...more
On February 20, 2017, the Article 29 Working Party released procedures and a template complaint form for implementing the EU-US Privacy Shield. The procedures govern the functioning of the informal data protection authority...more
In the United States, privacy certifications, or “trustbrands,” are seals licensed by organizations to place on their homepage or within their privacy policy. The seals typically state, or imply, that the organization has...more
The Article 29 Working Party (WP29) – the group that represents the data protection authorities of all EU Member States – has published guidance and FAQs on a number of issues under the General Data Protection Regulation...more
On Friday, the Article 29 Working Party issued official guidance relating to the General Data Protection Regulation, or GDPR. The Article 29 Working Party is comprised of representatives of the various EU Member States’ data...more
On 30 November 2016 the European Commission (“Commission” or “EC”) presented its Communication on connected cars for Europe, under the more formal denomination “A European Strategy on Cooperative Intelligent Transport Systems...more
In late October 2016, European Union (“EU”) data protection authorities issued letters to Yahoo and WhatsApp related to alleged privacy incidents involving those companies. The letters were issued by a collective of EU data...more
Over the course of the past two months, three privacy groups in France and one in Ireland filed separate actions for annulment with the European Court of Justice seeking the invalidation of the EU-U.S. Privacy Shield...more
The European Commission very recently presented two draft implementing decisions amending the existing adequacy decision on standard contractual clauses. These drafts were presented to the Article 31 Committee, which is...more
The EU-US Privacy Shield, designed to protect EU citizens’ personal data when it is transferred to US organisations, has now been in place for a couple of months. How is it shaping up?...more
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more
The Privacy Shield is now live, having gone into effect on August 1. Perhaps emboldened by the Article 29 Working Party’s late July announcement that European regulators will not challenge the program’s adequacy for at least...more
It’s been another exciting week of developments for U.S. companies on the EU data transfer front. From the first company to indicate that it will certify under Privacy Shield, to the first European Data Protection Authority...more
Beginning August 1, U.S.-based companies that self-certify their compliance with the EU-U.S. Privacy Shield will be able to import data under the new data transfer framework. But how can your company best prepare? ...more