On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation...more
The Italian Garante per la Protezione dei dati Personali (‘Italian SA’) published a decision of February 10, 2022 in which it imposes a 20 million EUR fine on a company outside of Europe for violation of the EU General Data...more
3/11/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Fines ,
Data Controller ,
Data Processors ,
Enforcement Actions ,
EU ,
European Supervisory Authorities (ESAs) ,
Foreign Entities ,
General Data Protection Regulation (GDPR) ,
Geolocation ,
Italy ,
Personal Data
On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data...more
In a decision of December 16, 2021, the Belgian Data Protection Authority (“DPA”) imposed a EUR 75,000 administrative fine on a bank located in Belgium for failure to comply with the requirement in Article 38.6 of the General...more
On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which...more
The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the...more
The Data Strategy Webinar Series spotlights cutting-edge issues in privacy and cybersecurity. This session will feature the latest developments regarding SCCs and data transfers out of Europe, including a discussion of...more
Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by...more
On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the...more
Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation....more
On 7 December 2020, the French supervisory authority CNIL (Commission nationale de l’informatique et des libertés, French data protection authority) imposed substantive fines on Amazon and Google for allegedly placing...more
In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between...more
The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor for public consultation. While its predecessor – the Article 29 Working Party – had issued guidance on the...more