The Court of Justice of the European Union (CJEU), the EU’s highest court, recently announced its significant Lindenapotheke decision, permitting companies to use the General Data Protection Regulation in business-to-business...more
The European Data Protection Board (EDPB), the umbrella group of the EU’s data protection authorities, has issued new Guidelines 01/2024 of October 9, 2024 on the processing of personal data based on the legitimate interest...more
The German Data Protection Conference (DSK) on September 11, 2024 published guidance on asset deals (the Guidelines) that distinguishes between various stages of a sale process and the relevant personal data that can be...more
The EU AI Act was adopted by the Council of the European Union on May 21, 2024. It will be officially published in the EU Official Journal during the second half of July and likely to come into force by August this year,...more
The European Court of Justice (CJEU) recently issued a significant final decision affecting the online advertising industry, particularly concerning the Transparency and Consent Framework (TCF) developed by the Interactive...more
A recent decision by the Court of Justice of the European Union will extend the EU General Data Protection Regulation’s automated decision-making restrictions to many present and future use cases of such technologies. While...more
The Council of the European Union adopted the Data Act on November 27, 2023. The Data Act, together with the Data Governance Act and EU General Data Protection Regulation (GDPR), as key elements of the broader European data...more
India enacted its new privacy law—the Digital Personal Data Protection Act, 2023 (DPDP Act) on August 11. Once in effect, the DPDP Act will replace the relevant provisions of the Information Technology Act, 2000, Information...more
The EU-US Data Privacy Framework (DPF) became effective on July 10, and on the same day, the European Commission adopted an Adequacy Decision relating to the DPF. As a successor of the EU-US Privacy Shield, the EU-US DPF...more
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further...more
The European Commission recently released a draft adequacy decision for the European Union and United States Transatlantic Data Privacy Framework (TDPF). If the decision is finalized, data transfers between the European Union...more
US President Joseph Biden signed the long-anticipated Executive Order on Enhancing Safeguard for United States Signals Intelligence Activities (EO) on October 7, 2022, providing enhanced protections in an effort to restore...more
The Swiss government has drafted a proposed list of countries that are approved to receive personal data transfers out of Switzerland. Japan and South Korea are excluded from the current and proposed lists, requiring...more
The German Conference of DPAs (the DSK) has released new (legally non-binding) detailed Guidelines dated February 18, 2022 with respect to direct marketing in Germany. ...more
Importers of EU data will need to analyze each data transfer for compliance with the new Standard Contractual Clauses; solely relying on data subjects’ consents may not be sufficient. Since the European Court of Justice...more
6/15/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Council of the European Union (Council) released a new draft of the ePrivacy Regulation (Council doc. 5642/21) on January 5, 2021. Various versions of the ePrivacy Regulation have been under consideration in the Council...more
2/11/2021
/ Consent ,
Cookies ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Metadata ,
Personal Data ,
Regulatory Requirements
Schrems II may force companies obligated to produce EU personal data to the task of determining whether to comply with US discovery obligation rules that risk fines under the GDPR for illegal data transfers or to defy the US...more
8/24/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Germany debates whether apps related to the coronavirus (COVID-19) pandemic would be useful, what they should cover, and what the ramifications would be under applicable data protection laws. ...more
The EU General Data Protection Regulation allows the temporary suspension of some data-protection rights in times of crisis, such as the outbreak of the 2019 Novel Coronavirus. This installment of The eData Guide to GDPR...more
3/10/2020
/ Best Practices ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Emergency Management Plans ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Italy ,
Personal Data ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
The EU Commission issued its report on the third annual review of the functioning of the EU-US Privacy Shield (Privacy Shield) on October 23. The annual review and corresponding report is required of the Commission by the its...more
The European Union (EU) has adopted an adequacy framework for the transfer of personal data between Japan and the European Union. This framework is a mutual arrangement that applies to both sides as of January 23, 2019....more
Based on the flood of updated privacy policies that have inundated email boxes throughout the world, it is clear that the European Union's General Data Protection Regulation (GDPR) is now in full effect. The EU's new European...more
Germany’s EU Data Protection Adaptation and Implementation Act addresses issues left open by the General Data Protection Regulation and implements the EU Directive 2016/680 on Data Protection for the Prevention and...more
On March 23, US President Donald Trump signed the omnibus spending bill, a portion of which contained the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The CLOUD Act’s main goal is to offer guidance to providers of...more