The Court of Justice of the European Union (CJEU), the EU’s highest court, recently announced its significant Lindenapotheke decision, permitting companies to use the General Data Protection Regulation in business-to-business...more
The European Data Protection Board (EDPB), the umbrella group of the EU’s data protection authorities, has issued new Guidelines 01/2024 of October 9, 2024 on the processing of personal data based on the legitimate interest...more
The German Data Protection Conference (DSK) on September 11, 2024 published guidance on asset deals (the Guidelines) that distinguishes between various stages of a sale process and the relevant personal data that can be...more
The EU AI Act was adopted by the Council of the European Union on May 21, 2024. It will be officially published in the EU Official Journal during the second half of July and likely to come into force by August this year,...more
The lead negotiators of the Council of the EU and the European Parliament have reached an agreement on a new EU regulation for the European Health Data Space (EHDS). Once adopted, the regulation will expand individuals’...more
The European Court of Justice (CJEU) recently issued a significant final decision affecting the online advertising industry, particularly concerning the Transparency and Consent Framework (TCF) developed by the Interactive...more
A recent decision by the Court of Justice of the European Union will extend the EU General Data Protection Regulation’s automated decision-making restrictions to many present and future use cases of such technologies. While...more
While the European Parliament and European Commission look to finalize the EU Artificial Intelligence (AI) Act, many are interested to see how its relationship with the General Data Protection Regulation (GDPR) will play out,...more
The Council of the European Union adopted the Data Act on November 27, 2023. The Data Act, together with the Data Governance Act and EU General Data Protection Regulation (GDPR), as key elements of the broader European data...more
India enacted its new privacy law—the Digital Personal Data Protection Act, 2023 (DPDP Act) on August 11. Once in effect, the DPDP Act will replace the relevant provisions of the Information Technology Act, 2000, Information...more
The EU-US Data Privacy Framework (DPF) became effective on July 10, and on the same day, the European Commission adopted an Adequacy Decision relating to the DPF. As a successor of the EU-US Privacy Shield, the EU-US DPF...more
The European Commission (Commission) is adopting an Adequacy decision for certain transfers of personal data to the United States. This adoption would foster trans-Atlantic data flows and address the concerns raised by the...more
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further...more
US President Joseph Biden issued an Executive Order On Enhancing Safeguards for United States Signals Intelligence Activities on October 7, which establishes safeguards relating to the handling of personal information in the...more
The Swiss government has drafted a proposed list of countries that are approved to receive personal data transfers out of Switzerland. Japan and South Korea are excluded from the current and proposed lists, requiring...more
The German Higher Regional Court of Karlsruhe (OLG Karlsruhe) recently repealed the July 13, 2022, decision of the Procurement Chamber of the German state of Baden-Württemberg that had argued that the mere risk of access to...more
World events, such as the COVID-19 pandemic, have accelerated the need for business operations to grow more digitally reliant and driven. As the global network grows and becomes more interconnected, privacy and...more
9/15/2022
/ Biometric Information ,
Computer Fraud and Abuse Act (CFAA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information Protection Law (PIPL) ,
Popular
As the challenges to and requirements governing data protection continue to evolve, data privacy remains a hot topic on the minds of security and compliance professionals around the world. If the last few years provide any...more
The German Conference of DPAs (the DSK) has released new (legally non-binding) detailed Guidelines dated February 18, 2022 with respect to direct marketing in Germany. ...more
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
Importers of EU data will need to analyze each data transfer for compliance with the new Standard Contractual Clauses; solely relying on data subjects’ consents may not be sufficient. Since the European Court of Justice...more
6/15/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Council of the European Union (Council) released a new draft of the ePrivacy Regulation (Council doc. 5642/21) on January 5, 2021. Various versions of the ePrivacy Regulation have been under consideration in the Council...more
2/11/2021
/ Consent ,
Cookies ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Metadata ,
Personal Data ,
Regulatory Requirements
Schrems II may force companies obligated to produce EU personal data to the task of determining whether to comply with US discovery obligation rules that risk fines under the GDPR for illegal data transfers or to defy the US...more
8/24/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
New patient consent forms in Germany cover the use of patient care data and clinical and biomedical research.
German Data Protection Commission DSK has approved a revised version of forms that the so-called Medical...more