Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
How to avoid a €20m fine. Meritas guide to the steps companies should take to comply with GDPR
Data Privacy Trouble Surrounding Google Street View Cars Presents Lesson for Smaller Companies
Why does this topic matter to organisations? EU data protection law provides data subjects with a wide array of rights that can be enforced against organisations that process personal data. These rights may limit the...more
Data protection laws in Europe evolved substantially in 2018, with the implementation of the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS Directive) becoming...more
If you have ever made an online purchase, chances are that you have received at least one email in the last month notifying you that a company’s privacy policy has changed. ...more
After ten hours of Congressional testimony, one thing is clear – there is growing bipartisan concern over data privacy and data protection in the US. In the wake of so many recent data breaches, and now the data harvesting...more
An immense volume of personal data (or personally identifiable information) is proliferating and flowing throughout the world. Personal data is an incredibly valuable asset to companies but data protection and privacy laws...more
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
On April 14, 2016, the European Parliament approved the General Data Protection Regulation (“GDPR” or the “Regulation”), a new regulation that will replace the European Union’s (“EU”) current data privacy standard. As a...more
A new data protection framework (the GDPR) has been adopted, significantly changing current EU laws. It will take the form of a Regulation and so will be directly applicable in all EU Member States from 25 May 2018. Once in...more
After the European Court of Justice invalidated Safe Harbor on October 6, ?2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of...more
Businesses have two years to comply with Europe’s new privacy regime. On 24 May 2016, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR...more
Background - The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for national data-protection laws in each EU member state. The Directive states that personal data may only be...more
In this edition of our Privacy & Cybersecurity Update, we discuss what companies need to know in the wake of the EU Court of Justice's rejection of the U.S.-EU Safe Harbor framework and take a look at the following important...more
As multinational employers are aware, data privacy laws can vary greatly from jurisdiction to jurisdiction. Ensuring compliance with the different requirements can be challenging, and the penalties for noncompliance can be...more
The European Union has consistently provided its residents greater data protection than the United States. Directive 95/46/EC outlines specific requirements for data protection, including a provision that transfers of...more
Last Tuesday, the European Court of Justice (ECJ) invalidated the US-EU Safe Harbor framework in Schrems v. Data Protection Commissioner. The Safe Harbor provided companies with a self-certification process through the US...more
Since 2000, the EU-US Safe Harbor program has been one means by which eligible US companies could transfer personal data from the European Union (EU) to the United States in accordance with EU law regulating transfers of...more
The CJEU’s Decision on Safe Harbor and its Effects on US Technology Companies - On October 6, 2015, the Court of Justice of the European Union (“CJEU”), the European Union’s highest court, issued a groundbreaking...more
The European Court of Justice (ECJ) has struck down the 15-year-old “Safe Harbor” agreement that permitted companies operating in Europe to transmit personal user data to the United States, as long as the U.S. ensures an...more
On October 6th, the European Court of Justice (ECJ) issued its opinion in Schrems v. Data Protection Commissioner (C-362/14), a case which, among other things, challenged the validity of the European Commission’s 2000 finding...more
Life just got a lot more confusing, complicated and expensive for organizations that transmit personal data to the United States from the European Union (EU) under the frequently-used U.S. – EU Safe Harbor program. Why?...more
Data transfers can be suspended until investigation is complete. In Maximillian Schrems v. Data Protection Commissioner (case C-362/14), the Advocate General ruled that EU data protection authorities do have powers to...more