This Week in FCPA-Episode 80, The Last Jedi Edition
Prepare your organization to stay one step ahead in the ongoing battle against cyber and IT risk management. As organizations increasingly leverage third-party services and cloud technologies, cybercriminals are becoming...more
Effective July 10, 2023, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) replaced the invalidated EU-U.S. Privacy Shield framework (“Privacy Shield”). Participating U.S. organizations can now receive personal data...more
The European Commission published its Proposal for a Regulation (on 4 July 2023) laying down additional procedural rules relating to the enforcement of GDPR (the Proposal), which aims to complement the GDPR by specifying the...more
Data is yet again at the top of the agenda in the UK Parliament. Seeking to balance the need for the protection of privacy of data and enabling data-driven growth, the UK Department for Science, Innovation and Technology...more
The Advocate General (AG) Pikamäe of the Court of Justice of the European Union (CJEU) issued his opinions in three cases concerning the credit rating agency SCHUFA Holding AG (SCHUFA) on 16 March 2023....more
Designed for busy in-house counsel, compliance professionals, and anti-corruption lawyers, this newsletter summarizes some of the most important international anti-corruption developments from the past month, with links to...more
The Belgian Data Protection Authority (APD) recently released a draft decision imposing a €250,000 fine ($285,000) on the provider of a consent mechanism that operates within a real-time ad bidding program. The ad bidding...more
This year saw the UK grapple with life after Brexit and, along with the rest of the world, the impact of the continued COVID-19 pandemic. As 2021 draws to a close, we round up the key events and developments from the year in...more
During the course of the last three months, there has been a significant focus on the activity of the Serious Fraud Office (SFO). The SFO has achieved its objectives in some instances; see, for example, our article below...more
The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements...more
As we began exploring last week in Part I of our Post-Brexit, Schrems II, and the GDPR: Privacy Compliance Priorities in Early 2021 series, significant developments in late 2020 charted a course in privacy/cyber compliance...more
Keypoint: Entities that use Article 28 data processing agreements should closely review the EDBP’s draft guidelines and modify their data processing agreement as necessary. In September, the European Data Protection Board...more
This morning, Germany’s Federal Data Protection Authority (DPA) announced that the European Data Protection Board (EDPB) has finalized an initial set of FAQs on international transfers in light of the recent Schrems II...more
The Court of Justice of the European Union (CJEU, the EU’s highest court) has delivered its long-awaited decision in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (commonly referred to as Schrems...more
Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s...more
On April 21, The European Data Protection Board (EDPB) published guidelines related to use of data for fighting the COVID-19 health crisis....more
Why does this topic matter to organisations? Under the Directive, organisations were obliged to deal with a separate DPA for each Member State whose laws apply to them. This meant that businesses faced a range of...more
Why does this topic matter to organisations? Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000; approximately USD 245,977) for failing to fulfil the company’s transparency...more
As was generally expected from informal comments by EU representatives, Privacy Shield has survived its first annual review. Commissioner Jourova stated: “Our first review shows that the Privacy Shield works well, but there...more
The General Data Protection Regulation (GDPR) is a new data privacy and security law in Europe that will go into force on May 25, 2018. Every organization that does business with EU customers, regardless of the home base of...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
While we wait to see what the BREXIT result will mean for the UK’s data protection regime, it is important to recognize that the result will not change anything immediately. The exact nature of the post-BREXIT UK-EU...more
In immediate response to the outcome of the recent referendum in the United Kingdom (UK) to leave the European Union (EU), the UK’s data protection regulator, the Information Commissioner’s Office (ICO) released the following...more
Things are seriously bad when one of the world’s most respected business focused publications, the Financial Times (FT), asks if the auto “industry faces ‘Libor moment’”? Yet that was a headline yesterday in the lead article...more