The Court of Justice of the European Union (CJEU), the EU’s highest court, recently announced its significant Lindenapotheke decision, permitting companies to use the General Data Protection Regulation in business-to-business...more
The European Data Protection Board (EDPB), the umbrella group of the EU’s data protection authorities, has issued new Guidelines 01/2024 of October 9, 2024 on the processing of personal data based on the legitimate interest...more
The German Data Protection Conference (DSK) on September 11, 2024 published guidance on asset deals (the Guidelines) that distinguishes between various stages of a sale process and the relevant personal data that can be...more
The European Union’s new AI Act (the Act) went into efect on 1 August 2024. The Act is the first-ever comprehensive law focused on artifcial intelligence and machine learning (collectively, AI). The Act impacts many...more
The EU AI Act was adopted by the Council of the European Union on May 21, 2024. It will be officially published in the EU Official Journal during the second half of July and likely to come into force by August this year,...more
The lead negotiators of the Council of the EU and the European Parliament have reached an agreement on a new EU regulation for the European Health Data Space (EHDS). Once adopted, the regulation will expand individuals’...more
The European Court of Justice (CJEU) recently issued a significant final decision affecting the online advertising industry, particularly concerning the Transparency and Consent Framework (TCF) developed by the Interactive...more
A recent decision by the Court of Justice of the European Union will extend the EU General Data Protection Regulation’s automated decision-making restrictions to many present and future use cases of such technologies. While...more
While the European Parliament and European Commission look to finalize the EU Artificial Intelligence (AI) Act, many are interested to see how its relationship with the General Data Protection Regulation (GDPR) will play out,...more
The Council of the European Union adopted the Data Act on November 27, 2023. The Data Act, together with the Data Governance Act and EU General Data Protection Regulation (GDPR), as key elements of the broader European data...more
The EU-US Data Privacy Framework (DPF) became effective on July 10, and on the same day, the European Commission adopted an Adequacy Decision relating to the DPF. As a successor of the EU-US Privacy Shield, the EU-US DPF...more
The European Parliament voted on June 14, 2023 to adopt its position on the draft EU Artificial Intelligence Act (EU AI Act) that would impose a comprehensive regulatory regime on AI. More rules are expected to follow for...more
The European Commission (Commission) is adopting an Adequacy decision for certain transfers of personal data to the United States. This adoption would foster trans-Atlantic data flows and address the concerns raised by the...more
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further...more
The European Commission recently released a draft adequacy decision for the European Union and United States Transatlantic Data Privacy Framework (TDPF). If the decision is finalized, data transfers between the European Union...more
The German Higher Regional Court of Karlsruhe (OLG Karlsruhe) recently repealed the July 13, 2022, decision of the Procurement Chamber of the German state of Baden-Württemberg that had argued that the mere risk of access to...more
World events, such as the COVID-19 pandemic, have accelerated the need for business operations to grow more digitally reliant and driven. As the global network grows and becomes more interconnected, privacy and...more
9/15/2022
/ Biometric Information ,
Computer Fraud and Abuse Act (CFAA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information Protection Law (PIPL) ,
Popular
The German Conference of DPAs (the DSK) has released new (legally non-binding) detailed Guidelines dated February 18, 2022 with respect to direct marketing in Germany. ...more
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
Importers of EU data will need to analyze each data transfer for compliance with the new Standard Contractual Clauses; solely relying on data subjects’ consents may not be sufficient. Since the European Court of Justice...more
6/15/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Council of the European Union (Council) released a new draft of the ePrivacy Regulation (Council doc. 5642/21) on January 5, 2021. Various versions of the ePrivacy Regulation have been under consideration in the Council...more
2/11/2021
/ Consent ,
Cookies ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Metadata ,
Personal Data ,
Regulatory Requirements
Schrems II may force companies obligated to produce EU personal data to the task of determining whether to comply with US discovery obligation rules that risk fines under the GDPR for illegal data transfers or to defy the US...more
8/24/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Germany debates whether apps related to the coronavirus (COVID-19) pandemic would be useful, what they should cover, and what the ramifications would be under applicable data protection laws. ...more
The EU General Data Protection Regulation allows the temporary suspension of some data-protection rights in times of crisis, such as the outbreak of the 2019 Novel Coronavirus. This installment of The eData Guide to GDPR...more
3/10/2020
/ Best Practices ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Emergency Management Plans ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Italy ,
Personal Data ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management