On 18 January 2023, the European Data Protection Board ("EDPB") published a report on the work undertaken by its Cookie Banner Task Force to ensure a uniform approach regarding a number of cookie-banner-related complaints...more
Last week, the European Data Protection Board ("EDPB") published a long-awaited update of its guidance on breach notification—which did not contain much news generally. However, it does bring a significant new burden for...more
After months of anticipation, the European Data Protection Board (EDPB) adopted new Guidelines on the calculation of administrative fines under the GDPR in May 2022. With the newly released Guidelines, the EDPB seeks to...more
On May 12, 2022, the European Data Protection Board (EDPB) published its long-awaited Guidelines 04/2022 on the calculation of fines under the General Data Protection Regulation (GDPR). After many data protection authorities...more
On November 19, 2021, the European Data Protection Board (“EDPB”) issued draft guidance on the interplay between Article 3 of the General Data Protection Regulation (“GDPR”) and the provisions on international transfers...more
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
6/7/2021
/ Corporate Counsel ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses ,
Model Contracts ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK ,
UK ICO
On November 11, 2020, the European Data Protection Board (EDPB) published its long-awaited guidance on what parties to international data transfers should be doing to perform such transfers in a manner compliant with the...more
On 16 July, 2020 the European Court of Justice (“CJEU”) published its decision invalidating the EU-U.S. Privacy Shield and setting out enhanced requirements for using the so-called Standard Contractual Clauses for Processors...more
8/26/2020
/ Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Supervisory Authorities (ESAs) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
EDPB and data protection authorities’ views and statements on the “Schrems II”- decision by the CJEU -
On 16 July, 2020, the European Court of Justice (“CJEU“) passed a decision invalidating the EU-US Privacy Shield and...more
7/30/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The European Data Protection Board (EDPB) and a number of European data protection supervisory authorities have recently issued guidance on processing personal data, including special categories of personal data (i.e., health...more
3/17/2020
/ China ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Crisis Management ,
Cybersecurity ,
Data Management ,
Data Processors ,
Data Protection ,
Denmark ,
Employee Privacy Rights ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Ireland ,
Italy ,
Luxembourg ,
New Guidance ,
Norway ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Poland ,
Public Health ,
Risk Management ,
Spain ,
UK
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
12/16/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Processors ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Failure to Comply ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Treaty on the Functioning of the European Union (TFEU)
The EDPB’s new Guidelines on Article 6(1)(b) may severely limit e-commerce business’ ability to enhance data processing by unilaterally defining contractual services....more
10/22/2019
/ Contract Termination ,
Contract Terms ,
Corporate Counsel ,
Data Management ,
Data Processing Rules ,
E-Commerce ,
EU ,
European Data Protection Board (EDPB) ,
Fraud Prevention ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Transparency