The European Cyber Resilience Act (CRA) will lead to the development and implementation of common cybersecurity standards for products with a “digital element” in the European Union.
Whilst the newly adopted and updated...more
The UK’s new Online Safety Act (the “OSA”) and the EU’s Digital Services Act (the “DSA”) both try to make the internet safer by focusing on an online service provider’s systems and processes. But differences in the laws will...more
On 4 May 2023 the European Court of Justice ("CJEU") published its decision (case no. C-300/21) in which it ruled that not any infringement of the General Data Protection Regulation ("GDPR") triggers the right to compensation...more
From 24 April, 2023, victims of cyber-attacks (as defined by the Criminal Code in italic text below) will have 72 hours to file a complaint with “competent authorities” if they want to obtain reimbursement under their...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
While claims for damages in the event of data protection violations have theoretically existed for some time, they have been gaining in importance since the introduction of the General Data Protection Regulation ("GDPR")....more
Analysis of the Baden-Württemberg Procurement Chamber on the admissibility of the use of IT services by European subsidiaries of U.S. cloud providers I. Background In its recently published decision (12 July 2022), a...more
On 26 July 2022, the Lower Saxony data protection authority ("Lower Saxony DPA") announced that it has imposed a fine of 1.1 million euros on Volkswagen ("VW") due to GDPR violations. It found that VW has violated data...more
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
Update: UK international data transfer agreement and UK addendum to the EU standard contractual clauses now in force In February, the Information Commissioner’s Office (“ICO”), the United Kingdom (UK) data protection...more
A “Kafkaesque” bank customer service experience in France has led to a “Right to be Forgotten” own-goal. Following a decision handed down by the judicial tribunal of Grenoble, France, on 7 February 2022, a French bank has...more
On 2 February 2022 the Belgian Data Protection Authority ("Belgian DPA") ruled that IAB Europe's Transparency and Consent Framework ("TCF") does not comply with the GDPR and fined IAB Europe €250,000. While the sanctions...more