Introduction - The European Commission’s (EC) proposed regulation (Proposed Regulation) for “trustworthy” Artificial Intelligence (AI) systems establishes rules for the development, placement on the EU market, and use of AI....more
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
6/9/2021
/ Data Processors ,
Data Protection ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The EU-UK Trade and Cooperation Agreement provided breathing room for businesses engaging in data transfers from the EU to the UK in the form of a ‘bridging period’ of up to six months where such transfers can continue...more
On November 12, 2020, the European Commission (EC) published a long anticipated draft of new Standard Contractual Clauses (SCCs) for the transfer of personal data from the European Economic Area (EEA) to third countries whose...more
11/17/2020
/ Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Agenda ,
Rulemaking Process ,
Schrems I & Schrems II ,
Standard Contractual Clauses
More than three months after the landmark Schrems II decision of the Court of Justice of the European Union (“CJEU”), the European Data Protection Board (“EDPB”) has issued its recommendations on “supplemental measures” to...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Standards ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more
Key Takeaways -
The EU-U.S. Privacy Shield does not ensure an adequate level of protection of personal data and is therefore not a lawful basis for data transfers to the U.S....more
7/24/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
The Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, has recently issued guidance outlining its approach to the enforcement of data protection obligations during the COVID-19 pandemic....more
4/27/2020
/ Coronavirus/COVID-19 ,
Data Breach ,
Data Protection ,
Enforcement ,
Fines ,
Investigations ,
New Guidance ,
Notification Requirements ,
Relief Measures ,
Subject Access Request (SAR) ,
UK ,
UK ICO
Many workers and employers are adjusting to remote working as a result of the COVID-19 pandemic. That shift has created a unique opportunity for cyber-attackers and criminals – the European Union Agency for Cybersecurity has...more
4/3/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Encryption ,
Multi-Factor Authentication ,
Phishing Scams ,
Policies and Procedures ,
Remote Working ,
Risk Management ,
Software ,
Virtual Private Networks
The United Kingdom (“UK”) left the European Union (“EU”) on 31 January 2020 and entered into a transition period that is due to end on 31 December of this year. During this period, the UK remains subject to EU laws and rules,...more
Employers’ primary concern at this time will be the health and safety of their employees in the wake of what has been declared a global pandemic by the World Health Organization. However, employers should still have regard to...more
In a recently published blog, the Information Commissioner’s Office (“ICO”) provided an update on its review of the adtech sector and noted that, whilst two key organisations are starting to make changes and many have engaged...more
2/18/2020
/ Adtech ,
Advertising ,
Consent ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Internet Auctions ,
Media ,
Personally Identifiable Information ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Public Bidding ,
Technology Sector ,
Transparency ,
UK ,
UK ICO
The Advocate General (AG) says the standard contractual clauses (SCCs) are valid but, where circumstances in the destination third country mean the SCCs would be breached or impossible to abide by, there is an obligation on...more
12/23/2019
/ Actual or Constructive Knowledge ,
Advocate General ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Duty of Care ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Exports ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Importers ,
International Data Transfers ,
Personal Liability ,
Personally Identifiable Information ,
Popular ,
Prohibited Transactions ,
Risk Management ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Supervisors ,
Trade Suspensions
With a “no-deal” scenario looking increasingly more likely, what steps should businesses be taking in relation to their data protection compliance regimes to prepare for 31 October this year?...more
9/20/2019
/ Compliance ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
No-Deal Brexit ,
Personal Data ,
UK Brexit ,
Withdrawal Agreement
With a “no-deal” scenario looking increasingly more likely, what should brand owners be doing to prepare for 31 October this year?
EU trade marks in the UK -
Once the UK leaves the EU, existing EU trade marks (EUTMs)...more
9/13/2019
/ Corporate Branding ,
EU ,
European Union Intellectual Property Office (EUIPO) ,
European Union Trade Mark (EUTM) ,
Injunctive Relief ,
IP License ,
No-Deal Brexit ,
Non-Use of Trademarks ,
Personal Brands ,
Revocation ,
Trademark Application ,
Trademark Infringement ,
Trademark Registration ,
Trademarks ,
UK ,
UK Brexit ,
UK Intellectual Property Office (UK IPO)
Cookies are files of information which a provider of an online service, such as a website operator, can store on a user’s device. On subsequent visits, the website can access information stored in the cookies to tailor the...more
8/1/2019
/ Compliance ,
Cookies ,
Enforcement ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Prior Express Consent ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Sanctions ,
Third-Party ,
Transparency ,
UK Brexit ,
UK ICO ,
Withdrawal
A recent High Court decision concerning compliance with a data subject access request considered the basis upon which an individual can require the data controller to provide the names of those in receipt of his or her...more
5/25/2019
/ Appeals ,
Civil Conspiracy ,
Compliance ,
Covered Recipients ,
Data Controller ,
Data Subject Access Requests ,
Expert Witness ,
Fraud ,
Information Sources ,
Order To Compel ,
Personal Data ,
Redacted Documents ,
Trial Court Orders ,
UK ,
UK Data Protection Act
On 23 January 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the EU General Data Protection Regulation (“GDPR”) and the EU Clinical Trials Regulation (“CTR”). The CTR is not yet...more
2/23/2019
/ Business Necessity ,
Clinical Trials ,
Consent ,
Data Controller ,
Data Protection ,
EU ,
EU Clinical Trials Regulation (CTR) ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Life Sciences ,
Medical Necessity ,
Medical Research ,
New Regulations ,
Patient Privacy Rights ,
Personal Data ,
Privacy Laws ,
Public Interest ,
Scientific Research ,
Withdrawal
Further to our previous OnPoint “No Deal” Brexit and its Implications for Data Protection, the European Commission has given an update on its “no deal” Brexit contingency planning in a communication published on November 13,...more
An immense volume of personal data (or personally identifiable information) is proliferating and flowing throughout the world. Personal data is an incredibly valuable asset to companies but data protection and privacy laws...more
3/13/2018
/ Consent ,
Contract Terms ,
Data Controller ,
Data Mapping ,
Data Protection Officers (DPOs) ,
Employee Training ,
Employer Liability Issues ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Relationships
The European Commission has issued a notice explaining some of the legal ramifications of Brexit on transfers of personal data from the EU to the UK....more
What is a ‘personal data breach’? First things first, what exactly is a personal data breach? The GDPR defines it as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised...more
11/1/2017
/ Article 29 Working Party (WP29) ,
Breach Notification Rule ,
Data Breach ,
Data Processors ,
Digital Service Providers ,
Economic Sanctions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notification Requirements ,
Personal Data
The UK's Information Commissioner, Elizabeth Denham, has launched a series of blogs designed to “bust some of the myths” which she believes have developed around the EU General Data Protection Regulation (GDPR). Her first...more
8/22/2017
/ Consent ,
Corporate Counsel ,
Data Controller ,
Data Processors ,
Employee Privacy Rights ,
Employer Liability Issues ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Popular ,
UK ,
UK Data Protection Act
The Queen’s Speech on 21 June 2017 confirmed the government’s plans for a new data protection law ensuring "that the United Kingdom retains its world-class regime protecting personal data". ...more
The UK government triggered Article 50 on 29 March 2017. However, there is still little clarity on the repercussions of Brexit for European Union trade marks (EUTMs), including the issue of non-use. ...more