As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris...more
9/4/2024
/ Algorithms ,
Artificial Intelligence ,
Cameras ,
CNIL ,
Data Privacy ,
Data Protection ,
Data Security ,
France ,
General Data Protection Regulation (GDPR) ,
Olympics ,
Privacy Concerns ,
Public Property ,
Security and Privacy Controls ,
Security Cameras
Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses.
The CNIL's...more
1/31/2024
/ Amazon ,
CCTV ,
CNIL ,
Corporate Fines ,
Data Collection ,
Data Protection ,
Employee Monitoring ,
Employee Privacy Rights ,
Employee Rights ,
Enforcement Actions ,
France ,
General Data Protection Regulation (GDPR) ,
Health and Safety ,
Investigations ,
Surveillance ,
Temporary Employees
A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force.
The DGA aims to...more
11/14/2023
/ Administrative Authority ,
Best Practices ,
Data Collection ,
Data Management ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Information Management ,
International Data Transfers ,
Member State ,
Public Sector ,
Third-Party Service Provider
On 12 October the UK–U.S. “data bridge” becomes operational, providing an additional, compliant route for UK-outbound transfers of personal data to U.S. organisations that are EU-U.S. Data Privacy Framework members. UK...more
10/12/2023
/ Adequacy Requirement ,
Biden Administration ,
Data Protection ,
Data Subjects Rights ,
Executive Orders ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Framework ,
Regulatory Oversight ,
UK
On 18 August 2023, the UK’s Information Commissioner’s Office (“ICO”) published draft guidance on biometric recognition (the “Draft Guidance”) for public consultation. The Draft Guidance explains how data protection law...more
9/11/2023
/ Artificial Intelligence ,
Biometric Information ,
Consultation ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Draft Guidance ,
Personal Data ,
Privacy-By-Design ,
UK ,
UK GDPR ,
UK ICO
On 8 March 2023, the newly-created Department for Science, Innovation and Technology (“DSIT”) introduced the UK government’s updated proposals for data protection reform in the shape of the Data Protection and Digital...more
4/12/2023
/ Compliance ,
Consent ,
Cookies ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
General Data Protection Regulation (GDPR) ,
Proposed Legislation ,
Regulatory Requirements ,
Small and Medium-Sized Enterprises (SMEs) ,
UK
The updated guidelines (05/2021) from the European Data Protection Board (“EDPB”) issued on 14 February 2023 (the “New Guidelines”) look at the interplay of two fundamental, protective mechanisms contained in the EU GDPR....more
3/17/2023
/ Data Controller ,
Data Processors ,
Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
International Data Transfers ,
Personal Data
The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...more
Two and a half years after the Schrems II decision invalidated the EU-US Privacy Shield, the EU and US are inching closer to a replacement data transfer mechanism for EU to US personal data transfers. On 13 December 2022, the...more
The European Commission published a draft Adequacy Decision for the UK on 19 February. That document remains in draft, though it is understood to have successfully cleared the last formal approval stage required....more
6/21/2021
/ Adequacy Requirement ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Standard Contractual Clauses ,
UK
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
6/21/2021
/ Appointed Public Officials ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Enforcement Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Registered Representatives ,
Regulatory Requirements ,
UK
With the UK now unambiguously out of the EU, the EU General Data Protection Regulation (2016/679) (“EU GDPR”) has been replaced by the United Kingdom General Data Protection Regulation (“UK GDPR”). In this third instalment of...more
1/28/2021
/ Commercial Contracts ,
Contract Drafting ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Notice Requirements ,
Privacy Policy ,
Regulatory Requirements ,
UK ,
UK Brexit ,
UK GDPR
This second instalment of our Brexit & Data Digest outlines the main sources of data protection law in the UK following the end of the Brexit transition period, and how the EU GDPR may continue to have relevance for companies...more
On 2 September 2020, the European Data Protection Board (“EDPB”) published draft guidelines on the concepts of controller, joint controllers and processor, which – as explained below - play a crucial role within GDPR...more