The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
U.S. privacy law is undergoing dramatic change on an accelerating pace. New laws across the country address specific industries, certain kinds of data, and various concerning practices. There is international pressure to...more
French regulators have held that the use of Google Analytics violates the GDPR, a decision that likely has broad implications for web analytics companies and website operators. On February 10, 2022, the French Data...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more
News sources reported this month that the Irish data protection authority (DPA) had sent Facebook a preliminary order that would prohibit the transfer of information about European Union (EU) residents to US Facebook users....more
French Data Protection Authority Issues Guidelines on Cookie Use - CNIL, France’s data protection authority, has released new rulesfor obtaining consumer consent under the GDPR for companies using cookies and other tracking...more
On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through...more
Recent legislative hearings in the United States and Europe have focused on the means by which large third-party data collectors track individuals via websites. Regulators have paid comparatively little attention to the...more
The European Union’s top court ruled last week that the operator of a Facebook fan page is a “joint controller,” along with Facebook, with respect to personal data collected on such pages. The decision has implications for...more
Antitrust and Competition - Another transaction in the technology sector referred to the European Commission for its review - The European Commission (“Commission”) is yet again set to review a transaction in the technology...more
The Situation: The European Court of Justice ("ECJ") is to rule on the validity of EU Standard Contractual Clauses used by companies to transfer personal data outside of the European Union, at the request of Ireland's High...more
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first...more
After the European Court of Justice invalidated Safe Harbor on October 6, ?2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of...more
In the comic book world, one is often either a DC person or a Marvel person. In the data privacy world, one could say the European Court of Justice ruling last fall inspired the switch from DC’s Aquaman’s (Safe) Harbor to...more
Once again, Facebook is in the spotlight. On November 9, following the Recommendation 04/2015 of May 13, 2015, issued by the Belgian Data Protection Authority (Belgian DPA) that we mentioned in a previous blog post, a Belgian...more
On 11 September, TeliaSonera and Telenor have abandoned the proposed merger of their business units in Denmark. The contemplated transaction would have resulted in the establishment of a joint venture active in the provision...more
Last week, the Vienna Higher Regional Court ruled that most of Max Schrems’ claims against Facebook can proceed, including his claim that Facebook improperly allowed his personal information to be shared with the National...more
EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a...more
Whom to suspend during any Foreign Corrupt Practices Act (FCPA) investigation is always a delicate question to answer. Unfortunately there is never an easy answer. As the Volkswagen (VW) emission-testing scandal continues to...more
The European Court of Justice has declared invalid the Safe Harbor data-transfer agreement that has governed EU data flows across the Atlantic for the last 15 years. Thousands of U.S. companies have relied on the Safe Harbor...more
A lot has happened since the European Court of Justice’s declaration that the EU-US safe harbor framework is invalid. First, the Article 29 Working Party, an organization comprised of representatives from each data...more
On October 20, 2015, the Irish High Court ordered the Irish Data Protection Commissioner (DPC) to investigate Facebook’s European data privacy practices, bringing Max Schrems’ three-year fight full circle. The Court quashed...more
The European Court of Justice’s (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
A landmark decision of the European Court of Justice (ECJ) has held that companies may no longer rely on “Safe Harbour” to justify transferring personal data from the European Union to the US, because the US Government has a...more
The European Court of Justice's (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more