In just under 100 days, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of their...more
In less than 100 days, the General Data Protection Regulation (GDPR) will go into effect. This means that as of May 25, 2018, each national Supervisory Authority will have the authority to apply and enforce the GDPR....more
About this time last January, the European Parliament released its proposal for a new ePrivacy Regulation. The intent of the ePrivacy Regulation is to replace the current ePrivacy regime – which consists of an ePrivacy...more
Last year, Germany became the first EU member state to pass legislation implementing the EU’s General Data Protection Regulation (GDPR). For companies, national GDPR implementing legislation can be significant....more
On November 16, 2017, the Belgian Senate adopted an “Act on the Establishment of the Data Protection Authority.” Following Austria, Germany, and the UK, Belgium is the fourth EU member state to pass a domestic statute...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
This is Part 2 of a two-part English-language overview of Germany’s recently passed new version of the Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG)—the BDSG-New, which implements the EU General Data...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before the drafting of a new bill implementing the General Data Protection Regulation (“GDPR”). The press release...more
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (GDPR). This is part one of a three-part Alston &...more
Most privacy professionals are familiar with the European Court of Justice’s 2015 Schrems decision, which struck down the US-EU Safe Harbor mechanism. One lesser-discussed aspect of the ECJ’s decision related to the powers...more
Just under a year ago today, the European Court of Justice (ECJ) issued its Schrems decision, which invalidated Safe Harbor and led to substantial developments in US-EU data-transfer mechanisms. In parallel to the ECJ Safe...more
On May 25, 2018, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of processing...more
Even before the ECJ’s Schrems decision invalidated Safe Harbor, the European Commission had begun working closely with US negotiators to craft what has become the U.S.-EU Privacy Shield. While EU privacy leaders have noted...more
One of the most important EU legislative initiatives in recent years, and a landmark in privacy regulation worldwide, the GDPR is set to replace the Data Protection Directive (95/46/EC) of 1995. After the Council of...more
Several hours after holding a closely-watched press conference we reported on yesterday, the Article 29 Working Party (“Art. 29 WP”) released its highly anticipated formal opinion on the adequacy of Privacy Shield. Background...more
Following the European Court of Justice’s Schrems decision invalidating the Safe Harbor mechanism, much attention has focused on how the Data Protection Authorities (DPAs) of EU member states would interpret and enforce...more