In this Essential Guide, which is part of Orrick’s Cybersecurity & Privacy Compass Series, we will provide insight into the potential fines that companies may face for violating the General Data Protection Regulation...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
The United States ("U.S.") and the European Commission ("EU Commission") recently announced an “agreement in principle” to develop a new Trans-Atlantic Data Privacy Framework (“Framework”). The Framework is intended to...more
On March 10 2022, the UK Information Commissioner’s Office (ICO) handed down its first Monetary Penalty Notice in respect of a ransomware attack and data exfiltration incident under the UK General Data Protection Regulation...more
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
6/7/2021
/ Corporate Counsel ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses ,
Model Contracts ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK ,
UK ICO
The European Commission (the "Commission") recently published its highly-anticipated communication and proposal for a "Regulation laying down harmonised rules on artificial intelligence"(the "AI Regulation"). The AI...more
Assessment List for Trustworthy Artificial Intelligence -
On July 17, 2020, the European High-Level Expert Group on Artificial Intelligence (“AI HLEG”) presented its final Assessment List for Trustworthy Artificial...more
8/20/2020
/ Artificial Intelligence ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Ethics ,
European Commission ,
Human Rights ,
Information Governance ,
Popular ,
Privacy Concerns ,
Regulatory Oversight ,
Small and Medium-Sized Enterprises (SMEs) ,
Sustainable Business Practices ,
Transparency
The Bavarian Data Protection Authority (“BDPA”) took the “safer internet day” in February 2019 as an opportunity to conduct privacy checks on website operators....more
3/22/2019
/ Cookies ,
Cybersecurity ,
Data Protection ,
Enforcement Authority ,
Germany ,
Internet ,
Investigations ,
Popular ,
Regulatory Standards ,
Transparency ,
Vulnerability Assessments ,
Web Tracking ,
Websites
The EU-Japan Economic Partnership Agreement between Japan and the European Union (“EU”) recently came into force, creating the world’s biggest open trading zone that covers 635 million people and almost one-third of the...more
On January 21, 2019, the French data protection supervisory authority (“CNIL”) fined Google €50 million (approximately $57 million) for violating the European General Data Protection Regulation (“GDPR”). ...more
2/14/2019
/ CNIL ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Google ,
Notice Requirements ,
Online Advertisements ,
Personal Data ,
Popular ,
Prior Express Consent ,
Regulatory Violations ,
Transparency
Just days after the European Union’s widely-discussed new data privacy regulations, the General Data Protection Regulation (“GDPR”), took effect on May 25, 2018, another EU-wide legal change quietly occurred. ...more
6/21/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Directive on Trade Secrets ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Trade Secrets
Global companies face stricter rules on employee data privacy, in particular when using social media and internal monitoring tools. It also now becomes clearer that many EU Member States will use the opening clause of Art. 88...more
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more
Can employers look at the company email accounts of employees, such as when they do not show up to work? Can employers monitor employee Internet use during working hours? Can employers read employee emails if they use the...more
Website providers that collect dynamic Internet Protocol addresses (“IP address”) from website visitors may soon be subject to even more scrutiny from data protection authorities in the EU.
Last week, Europe’s Advocate...more
While EU regulators determine whether to adopt a new agreement for transfers of personal data from Europe to the United States to replace the invalid EU-U.S. Safe Harbor Framework, German data protection authorities have not...more
5/11/2016
/ Corporate Counsel ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
Germany ,
International Data Transfers ,
Personal Data ,
Popular ,
US-EU Safe Harbor Framework
Germany is not only known as one of the best countries for enjoying beer and bratwurst, but it is also known as a country with some of the strictest data privacy laws on the planet. Within this environment, should companies...more
The European Commission has announced that it has reached a deal to replace the EU-US Safe Harbor framework that was declared invalid last year by the Court of Justice of the European Union (“ECJ”). Heralded as the EU-US...more
1. CJEU finds Safe Harbor Invalid -
In a landmark ruling delivered today, Europe's highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission's US - EU Safe Harbour regime is...more
10/7/2015
/ Cloud Computing ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Due Diligence ,
EU ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Concerns ,
Privacy Policy ,
Safe Harbors ,
US-EU Safe Harbor Framework ,
Young Lawyers
On Wednesday, Jan. 29, 2015, Berlin Data Protection Commissioner Dr. Alexander Dix, speaking at the European Data Protection Conference in Berlin, made a number of important announcements regarding the EU/U.S. Safe Harbor...more