On April 1st, 2025, the General Court of the European Union held its first hearing on the request initiated by member of French parliament Philippe Latombe for annulment of the EU-U.S. Data Privacy Framework (“DPF”) further...more
On 19 March 2025, the European Data Protection Board published an updated procedure for co-operation between EU data protection supervisory authorities approving GDPR Binding Corporate Rules for intra-group transfers of EU...more
On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
On 24 April 2024, the European Data Protection Board ("EDPB") released a set of guidance documents and template complaint forms to facilitate the implementation of the redress mechanisms corresponding to the EU-U.S. Data...more
On 6 May 2024, the German data protection authorities (“DPAs”) issued an extensive guidance paper on the GDPR compliant deployment of artificial intelligence (“AI”) applications. This article summarizes the key findings of...more
Following the European Court of Justice’s (“ECJ”) landmark judgement of 5 December 2023 (case no. C-807/21), the Higher Regional Court of Berlin specified the requirements for GDPR fine notices issued by data protection...more
This summer, the European Data Protection Board (“EDPB”) published the final version of its Recommendations 01/2022 (“Recommendations”) on Binding Corporate Rules for Controllers (“C-BCR”). During the turbulence caused by the...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
The Data Protection Authority (“DPA”) of the German state Hamburg is one of the first European DPA to publish an optimistic assessment on the U.S. Executive Order on “Enhancing Safeguards for United States Signals...more
12/5/2022
/ Adequacy Requirement ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection Authority ,
EU ,
European Commission ,
Executive Orders ,
Germany ,
Government Investigations ,
Intelligence Services ,
International Data Transfers ,
Judicial Review ,
Personal Data ,
Privacy Framework ,
Proportionality ,
Schrems I & Schrems II
At the beginning of the year, the German data protection authorities (DPAs) announced that they would take joint action to enforce the decision of the European Court of Justice (ECJ) in the "Schrems II" case. On June 1,...more
6/17/2021
/ Audits ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
Germany ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Web Tracking
Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCCs) aimed at enabling lawful...more
6/4/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) weigh in on the new Standard Contractual Clauses proposed by the European Commission (EC) for transfers to third countries (new...more
2/5/2021
/ Cybersecurity ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Germany has seen a couple of record GDPR fines since the German Data Protection Authorities (DPA) issued their guidance paper on how to measure GDPR fines in October 2019. One of these DPA sanctions was recently subject to...more
11/18/2020
/ Cybersecurity ,
Data Protection ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Statutory Violations
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more
When it comes to infringements of the EU General Data Protection Regulation (GDPR), the first thing that comes to mind are proceedings and fines imposed by the data protection authorities. It is often neglected that GDPR...more