Sports teams, leagues, agents and venues collecting personal information from athletes, fans and sponsors must comply with evolving privacy regulations. Here are key takeaways from a conversation Orrick recently hosted with...more
In 2024, despite political and regulatory challenges, Europe's talent pool reached new heights, even amid funding shortages. Venture capital investment in European startups reached over $52B last year, aligning with the...more
The European Commission’s Digital Services Act (DSA) came into effect for very large online platforms and very large online search engines last year and became fully applicable on Saturday 17 February 2024.
As online service...more
On July 10, 2023, the European Commission formally approved the EU-U.S. Data Privacy Framework (“DPF"). You can view our brief video discussion about the DPF or read our initial update.
Companies that maintained their...more
The European Commission today approved the long-awaited framework for data transfers to the United States. What is the decision about? Today's decision means that organisations subject to the GDPR can benefit from an adequacy...more
Section 702 of the Foreign Intelligence Surveillance Act (“FISA”) has been a looming presence in the European privacy landscape since Edward Snowden first leaked the PRISM files in 2013. Surveillance authorized under FISA 702...more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
In February 2022, the United Kingdom (UK) Information Commissioner’s Office (“ICO”), along with the data protection authority (“DPA”) in the UK, published three new documents ("UK Documents") which update the UK's position on...more
On 2 February 2022 the Belgian Data Protection Authority ("Belgian DPA") ruled that IAB Europe's Transparency and Consent Framework ("TCF") does not comply with the GDPR and fined IAB Europe €250,000. While the sanctions...more
The Austrian data protection authority (Österreichische Datenschutzbehörde; Austrian DPA) recently ruled that the use of Google Analytics violated Chapter V (transfers of personal data to third parties) of the EU General Data...more
2/3/2022
/ Australia ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
6/7/2021
/ Corporate Counsel ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses ,
Model Contracts ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK ,
UK ICO
On November 11, 2020, the European Data Protection Board (EDPB) published its long-awaited guidance on what parties to international data transfers should be doing to perform such transfers in a manner compliant with the...more
In one of the world’s first test cases regarding the legality of the use of automated facial recognition and biometric technology, on 11 August 2020 the English Court of Appeal handed down judgment in R (Bridges) v CC South...more
8/14/2020
/ Automated Systems ,
Biometric Information ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Declaratory Judgments ,
Equality Act ,
EU ,
European Convention on Human Rights ,
Facial Recognition Technology ,
Human Rights ,
Law Enforcement ,
Police ,
Popular ,
Privacy Concerns ,
Public Sector ,
Surveillance ,
UK Data Protection Act
The European Court of Justice (CJEU) published its highly anticipated judgement in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”. There...more
7/17/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
Whatever the outcome of Schrems 2.0, the key takeaway is, don’t panic. Today, July 16, 2020, the European Court of Justice (CJEU) is expected to rule in the case of Data Protection Commissioner Ireland v Facebook Ireland...more
The European Securities and Markets Authority (ESMA) has published an updated version of its Q&A paper on the application of the Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2009/65/EC)...more
The European Banking Authority (EBA) has published an interim report on the minimum requirement for own funds and eligible liabilities (MREL). Under the Bank Recovery and Resolution Directive (2014/59/EU) (BRRD) the EBA is...more
The European Banking Authority (EBA) has published final draft regulatory technical standards (RTS) on the specification of the assessment methodology for competent authorities regarding compliance of an institution with the...more
The European Securities and Markets Authority (“ESMA“) has published the responses received to the Discussion Paper on UCITS share classes.
The UCITS Directive recognizes the possibility for UCITS to offer different...more
On June 20, 2016, the European Securities and Markets Authority (“ESMA“) published an updated version of the waiver document (ESMA/2011/241h) that sets out its assessment of applications for waivers from pre-trade...more
The European Commission has adopted a Delegated Regulation and annex supplementing the Markets in Financial Instruments Regulation (Regulation 600/2014) (“MiFIR“) with regard to regulatory technical standards (“RTS“) relating...more
On June 24, 2016, the European Commission adopted a Delegated Regulation and annex supplementing the Markets in Financial Instruments Regulation (Regulation 600/2014) (“MiFIR“) with regard to regulatory technical standards...more
The European Commission has adopted an Implementing Regulation on the risk-free rate under the Solvency II Directive (2009/138/EC). The Implementing Regulation sets out technical information to be used by insurers when...more
ESMA has published an opinion proposing amendments to its draft technical standards (“RTS“) under the MiFID II Directive (2014/65/EU) and the Markets in Financial Instruments Regulation (Regulation 600/2014) (MiFIR) relating...more
ESMA published a consultation paper (ESMA/2016/723) on the technical implementation of the proposed Regulation on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of...more