On 19 March 2025, the European Data Protection Board published an updated procedure for co-operation between EU data protection supervisory authorities approving GDPR Binding Corporate Rules for intra-group transfers of EU...more
On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
On 8 October 2024, the European Data Protection Board (“EDPB”) issued draft Guidelines 1/2024 concerning the processing of personal data based on legitimate interests under Article 6(1)(f) of the GDPR (“Guidance”), which...more
As the popularity of AI technologies has continued to grow in 2023, so has the number of laws and regulations seeking to address the potential risks and societal harms that may arise. The evolving legislation and calls to...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 8 March 2023, the UK Department for Science, Information and Technology (DSIT) published the Data Protection and Digital Information (No.2) Bill (DPDI 2) which provides an update to the Government's reforms to the UK data...more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
On 17 June 2022, the UK government published its refined plans for reforming UK data protection law, following a detailed consultation exercise undertaken last year. The proposals form part of wider changes to the UK...more
6/28/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legislative Agendas ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
Research and development, innovation, product and service improvement, AI design and deployment...these are key commercial drivers for the successful modern business. They also underpin technological, medicinal, and other...more
Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCCs) aimed at enabling lawful...more
6/4/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
1/18/2021
/ Court of Justice of the European Union (CJEU) ,
Cross-Border ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Lead Supervisory Authority ,
Personal Data ,
Popular
After months of arduous negotiations, the EU-UK Trade and Cooperation Agreement (the Brexit Deal) of 24 December 2020 is good news and provides a welcome degree of certainty to businesses....more
Right on the heels of the practical guidance issued by the European Data Protection Board (EDPB) on supplemental safeguards for international data transfers and European Essential Guarantees for surveillance measures, on...more
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union today invalidated the EU-US Privacy Shield and called into question the extent to which EU data exporters could rely on the European Commission’s Standard Contractual Clauses for...more
The world is on a mission: beating the coronavirus and making normal life safe again. This is a scientific and medical challenge like no other, but our collective hope is that a viable solution will be found. In parallel,...more
Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. ...more
As highlighted by our new Privacy 2040 initiative, there have never been more opportunities to shape the existing and future privacy and cybersecurity legal framework. ...more
On January 15, the Court of Justice of the European Union’s (CJEU) Advocate General (AG) Manuel Campos Sánchez-Bordona delivered his Opinion on four references for preliminary rulings on the topic of retention of and access...more
1/20/2020
/ Advocate General ,
Data Privacy ,
Data Protection ,
Data Retention ,
e-Privacy Directive ,
Electronic Communications ,
Electronic Data Transmissions ,
EU ,
Government Agencies ,
Investigatory Powers Act 2016 ,
National Security ,
Personal Data ,
Right of Access ,
Telecommunications Act ,
UK ,
UK Brexit
On 10 January 2017, the European Commission issued a proposal for a new ePrivacy Regulation (ePR) triggering a legislative process that is still ongoing. The proposed ePR was intended to replace the existing ePrivacy...more
11/26/2019
/ Blockchain ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Distributed Ledger Technology (DLT) ,
E-Commerce ,
e-Privacy Directive ,
Electronic Communications ,
EU ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Internet of Things ,
Personal Data ,
Risk-Based Approaches
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
11/22/2019
/ Burden of Proof ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
Evidence ,
Forum Shopping ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Litigation Strategies ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Risk Management ,
Russia