On 28 January 2022 (Data Protection Day), the UK’s International Data Transfer Agreement (“IDTA”) and International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses (the “EU Addendum”) were...more
On 11 August, the UK Information Commissioner’s Office launched a consultation paper on “International transfers under UK GDPR”. The documents released alongside the paper include a draft International Data Transfer Agreement...more
8/16/2021
/ Consultation ,
Corporate Counsel ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data...more
7/9/2021
/ Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Member State ,
Personal Data ,
Standard Contractual Clauses ,
UK ,
UK Brexit
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
6/21/2021
/ Appointed Public Officials ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Enforcement Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Registered Representatives ,
Regulatory Requirements ,
UK
The Information Commissioner’s Office or the “ICO” is the British supervisory authority charged with enforcing GDPR. The Commission Nationale de l’informatique et des libertes (the “CNIL”) is the French supervisory authority....more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more
10/3/2019
/ CNIL ,
Consent ,
Cookies ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Lottery ,
Online Advertisements ,
Personal Information ,
Sweepstakes ,
UK ,
Websites
Probably not.
A data subject’s consent to the use of analytics or behavioural cookies must be a valid “affirmative act.” While it may be argued that the data subject is indeed performing an “affirmative act” by continuing...more
Probably not.
A cookie can qualify as “personal data” under GDPR when it can be linked to an individual person. Even in instances where a cookie cannot be linked, it is still governed by the ePrivacy Directive and...more
7/24/2019
/ Consent ,
Cookie Banners ,
Cookies ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
Prior Express Consent ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
UK