On November 12, 2020, the European Commission (EC) issued a draft version of a new set of Standard Contractual Clauses (New SCCs). The long-awaited New SCCs include several modules that companies can use depending on the...more
On November 11, 2020, the European Data Protection Board (EDPB), comprised of the European data protection regulators (DPAs), issued two long-awaited sets of recommendations. These recommendations are critical for any...more
On September 7, 2020, the European Data Protection Board (EDPB) published draft guidelines (Guidelines) intended to clarify the roles of the parties processing personal data and when they are operating as controllers, joint...more
Over the last few days, the European Data Protection Board (EDPB), the European Data Protection Supervisor (EDPS) and various Supervisory Authorities (SAs) across Europe issued statements addressing the decision of the...more
The COVID-19 virus outbreak poses serious challenges to businesses operating globally, including in Europe. In response to the outbreak, governments worldwide are taking increasingly severe measures to fight the pandemic, and...more
3/26/2020
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Security ,
Personal Data ,
Privacy Laws
On February 7, 2020, the European Data Protection Board (EDPB) published draft guidelines on the processing of personal data in the context of connected vehicles and mobility related applications. If adopted in their current...more
3/10/2020
/ Automotive Industry ,
Connected Cars ,
Consultation ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data
On December 19, 2019, in the Facebook Ireland and Schrems (Schrems 2.0) case, the Advocate General (AG) to the European Court of Justice (ECJ)—European Union's highest court—opined that the EU Standard Contractual Clauses...more
12/23/2019
/ Binding Corporate Rules ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Supervisory Authorities (ESAs) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Right to Be Forgotten ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
US-EU Safe Harbor Framework
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan); among other things, the CNIL announced that it will issue new cookie guidance later this month...more
On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard...more
7/26/2019
/ Binding Corporate Rules ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Safe Harbors ,
Standard Contractual Clauses
On June 27, 2019, the EU Regulation on Information and Communication Technology (Cybersecurity Act or Act) became effective introducing, for the first time, EU-wide rules for the cybersecurity certification of products and...more
The UK's pending exit from the European Union on March 29, 2019, will have far-reaching effects on many business activities, including the processing of personal data. While the ultimate legal implications are subject to...more
In yet another round of Schrems versus Facebook, on January 25, 2018, the Court of Justice of the European Union (CJEU) ruled that privacy activist Max Schrems is a consumer with regard to his Facebook profile despite his...more
On October 3, 2017, the High Court of Ireland issued its decision in Data Protection Commissioner vs Facebook and Schrems1 concerning the validity of the EU Standard Contractual Clauses (SCCs)—a mechanism used by a very large...more
The EU Parliament Committee in charge of reviewing the EU Commission's Proposal for an e-Privacy Regulation (Proposal) released a Draft Report proposing amendments this week....more
6/23/2017
/ Bluetooth ,
Data Protection ,
Do Not Call List ,
e-Privacy Directive ,
Electronic Communications ,
Encryption ,
EU ,
General Data Protection Regulation (GDPR) ,
Opt-In ,
Web Tracking ,
Wifi
On July 26, 2016, the body of European Data Protection Authorities (DPAs)—the "Article 29 Working Party" (WP29)—issued a statement commending the improvements made to the EU-U.S. Privacy Shield (Privacy Shield). Although the...more
On July 12, 2016, the EU Commission and the U.S. Secretary of Commerce announced the adoption of the EU-U.S. Privacy Shield (Privacy Shield). This announcement follows today's adequacy decision by the College of EU...more
7/13/2016
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Model Contracts ,
Ombudsman ,
Schrems I & Schrems II ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On July 6, 2016, the European Parliament adopted the first-ever pan-European law on cyber security. The law, entitled the "Directive on the Security of Network and Information Systems" (NIS Directive), imposes security...more
Two recent developments have significantly increased the already uncertain legal landscape surrounding transatlantic data flows. Earlier today, the EU Parliament voted out a resolution calling on the European Commission (EU...more
On April 14, 2016, the European Parliament formally adopted the General Data Protection Regulation (GDPR). With this vote, the new EU data protection legal framework will become legally effective in two years and 20 days from...more
On April 13, 2016, the body of European Data Protection Authorities (DPAs)—the "Article 29 Working Party" (WP29)—issued its opinion on the new EU-U.S. Privacy Shield.1 The WP29 acknowledged that progress has been made with...more
With a new year come exciting new developments in the world of privacy and data protection. We are thrilled to announce the launch of the digital version of The WSGR Data Advisor. Please visit our site for the latest news and...more
On February 3, 2016, the body of European data protection regulators—called the "Article 29 Working Party" (WP29)—issued a statement following the announcement of a political agreement regarding a new transatlantic data...more
On February 2, 2016, the European Commission (EU Commission) announced that a political agreement on a new legal framework for data transfers has been reached between the European Union (EU) and the U.S.1 Today's agreement...more
On December 15, 2015, the European Parliament and the Council of the European Union (Council) reached a political agreement on the future EU data protection legal framework. This is a significant step towards adoption of the...more
The last two months certainly have been eventful in the world of privacy. In this issue of The WSGR Data Advisor, we examine the Court of Justice of the European Union’s recent and highly significant Schrems decision that...more
11/20/2015
/ Comcast ,
Cybersecurity ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
HIPAA Audits ,
PCI-DSS Standard ,
Schrems I & Schrems II ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
Technical Conference ,
US-EU Safe Harbor Framework