It is not clear at this point whether joint and several liability attaches to the actions of joint controllers. The GDPR states that a data subject “may exercise his or her rights under this Regulation in respect of and...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez - Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
On Feb. 6, 2018, the Article 29 Working Party (Working Party 29) published Working Paper 261 (WP 261), which provided guidance on the provisions of Article 49 of the European Union’s (EU) General Data Protection Regulation...more
The deadline to comply with the GDPR’s complex and far ranging requirements is rapidly approaching. As your organization races to implement its compliance program before the May 25, 2018 effective date, questions and...more
St. Louis was named after Louis IX (born in 1214!), hosted a World Fair (technically, the 1904 Louisiana Purchase Exposition), the fleur-de-lis is ubiquitous, and we love soccer and football, although we have neither major...more
What is a ‘personal data breach’? First things first, what exactly is a personal data breach? The GDPR defines it as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised...more
The Article 29 Working Party (WP29) recently issued guidelines regarding data controllers' notification obligations following security breaches involving the personal data of EU citizens....more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Ample bandwidth has been eaten by panicky commentary over the fines possible under the EU’s upcoming General Data Protection Regulation (GDPR). Sure, the GDPR arms EU data protection authorities with a hefty compliance stick....more
The General Data Protection Regulation is coming, and along with it, a significant expectation of increased harmonization in the privacy rules across the EU. Considering the 60-plus articles which directly impose obligations...more
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies...more
If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more
The Working Party recently issued its first Opinion for 2017, focusing on the EU Commission’s proposed ePrivacy Regulation (WP 247, Opinion 01/2017). The Commission’s proposal, which was published in January this year, aims...more
In the context of increasing cyber-attacks on major corporate organisations, small businesses and government, data protection and cybersecurity is a hot topic. Added to this, the GDPR—a strict new regulatory regime in...more
In the United States there are relatively few restrictions on collecting information from children off-line. Efforts to collect information from children over the internet, however, are regulated by the Children’s Online...more
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (GDPR). This is part one of a three-part Alston &...more
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (“GDPR”). This is part two of a three-part Alston...more
European Data Protection Authorities (DPAs) recently launched investigations into WhatsApp’s sharing of user data with Facebook. (Facebook owns WhatsApp.) DPAs ordered WhatsApp to stop sharing the data pending the...more
While it’s making few headlines, the European Commission is still working to finalize Privacy Shield, and it’s even possible that Privacy Shield will pass a key hurdle by the end of this month. The Commission is still...more
After the European Court of Justice invalidated Safe Harbor on October 6, ?2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of...more
Directive 95/46/EC of 24 October 1995 - Articles 25 and 26 - The transfer of personal data to a third country is allowed: ..if the third country ensures an adequate level of protection; the Commission can...more
Earlier today, the European Parliament passed a non-legislative resolution saying the EU Commission should go back to negotiating with the United States to remedy “deficiencies” in the proposed EU-U.S. Privacy Shield for EU...more
Two days after the original January 31 deadline, the European Union and United States have announced a replacement for the Safe Harbor agreement — the EU-U.S. Privacy Shield — which, if approved, will provide a new framework...more
As we have noted previously, in the wake of the ECJ’s decision that undid the US-EU Safe Harbor, we were told that there would be no enforcement of the EU Directive until after January 31, to allow the US and EU to hammer out...more