On 19 March 2025, the European Data Protection Board published an updated procedure for co-operation between EU data protection supervisory authorities approving GDPR Binding Corporate Rules for intra-group transfers of EU...more
On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
On 8 October 2024, the European Data Protection Board (“EDPB”) issued draft Guidelines 1/2024 concerning the processing of personal data based on legitimate interests under Article 6(1)(f) of the GDPR (“Guidance”), which...more
The UK Information Commissioner’s Office (ICO) has recently published an update on its enforcement efforts in respect of website cookie compliance. It follows a letter the ICO sent in November 2023 to 53 of the top 100 UK...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 29 March 2023, the UK government published its long-awaited white paper on its intended approach to regulating AI. The proposal seeks to strike a balance between the primary policy objective of creating a ‘pro-innovation’...more
On 8 March 2023, the UK Department for Science, Information and Technology (DSIT) published the Data Protection and Digital Information (No.2) Bill (DPDI 2) which provides an update to the Government's reforms to the UK data...more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
Binding Corporate Rules (BCR) are often considered the “gold standard” for international transfers of personal data subject to the GDPR. In contrast to the Standard Contractual Clauses of the European Commission (SCC), BCR...more
The Information Commissioner's Office (ICO) has published new guidance on direct marketing using electronic mail and live calls, aimed at providing a more detailed overview of the rules on direct marketing as well as...more
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
On 17 June 2022, the UK government published its refined plans for reforming UK data protection law, following a detailed consultation exercise undertaken last year. The proposals form part of wider changes to the UK...more
6/28/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legislative Agendas ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
On 25 May 2022, the European Commission released long-awaited guidance for the Standard Contractual Clauses (SCCs) adopted in June 2021. The Commission has developed Questions and Answers (Q&As) as a dynamic source of...more
Research and development, innovation, product and service improvement, AI design and deployment...these are key commercial drivers for the successful modern business. They also underpin technological, medicinal, and other...more
Hogan Lovells’ Privacy and Cybersecurity team have made a formal submission to the Information Commissioner’s Office consultation on how organisations can continue to protect people’s personal data when it is transferred...more
On 31 May 2020, Max Schrems' organization, NOYB, launched a new campaign aimed at ending what they dramatically refer to as the “cookie banner terror.” The campaign was spearheaded by sending over 560 draft complaints to...more
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
1/18/2021
/ Court of Justice of the European Union (CJEU) ,
Cross-Border ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Lead Supervisory Authority ,
Personal Data ,
Popular
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. ...more
On 10 January 2017, the European Commission issued a proposal for a new ePrivacy Regulation (ePR) triggering a legislative process that is still ongoing. The proposed ePR was intended to replace the existing ePrivacy...more
11/26/2019
/ Blockchain ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Distributed Ledger Technology (DLT) ,
E-Commerce ,
e-Privacy Directive ,
Electronic Communications ,
EU ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Internet of Things ,
Personal Data ,
Risk-Based Approaches
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
11/22/2019
/ Burden of Proof ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
Evidence ,
Forum Shopping ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Litigation Strategies ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Risk Management ,
Russia
On 1 October 2019, the Court of Justice of the European Union (CJEU) handed down a crucial decision impacting the way that consent is obtained on the internet. The judgment relates to Case C-673/17....more
10/2/2019
/ Cookies ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Management ,
EU ,
General Data Protection Regulation (GDPR) ,
Internet ,
Opt-In ,
Personal Data ,
Prior Express Consent ,
Regulatory Standards ,
Third-Party
The dynamism of the Technology, Media and Telecoms sector is set to continue.
Challengers can reach scale seemingly overnight, forcing market change at a similar speed. Established business models are upended, driving...more
6/21/2019
/ 5G Network ,
Antitrust Provisions ,
Artificial Intelligence ,
Big Data ,
Digital Media ,
Drones ,
eSports ,
Foreign Investment ,
General Data Protection Regulation (GDPR) ,
Hulu ,
Intellectual Property Protection ,
Internet Streaming ,
Netflix ,
Outer Space ,
Satellites ,
Standard Essential Patents ,
Telecommunications ,
Television Programming ,
Trade Policy ,
UK Brexit