No. Although Article 30 of the GDPR states that companies must “maintain a record” of their processing activities, the provision contains an exemption for small businesses. Specifically, it states that if a company employs...more
It is not clear at this point whether joint and several liability attaches to the actions of joint controllers. The GDPR states that a data subject “may exercise his or her rights under this Regulation in respect of and...more
On 9 July 2019, the Court of Justice of the European Union (CJEU) in Luxembourg heard a case brought by privacy-rights activist Max Schrems (C-311/18, Data Protection Commissioner v Facebook Ireland Limited, Maximilliam...more
The term “personal information” is defined within the CCPA in a similar, but not identical, manner to the term “personal data” within the GDPR. The following provides a side-by-side comparison of the two terms...more
In this Series 2 of our FAQs regarding the California Consumer Privacy Act (“CCPA”), we are examining the scope of the law’s jurisdiction. These FAQs should help employers determine if they are required to comply with the...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
The California Consumer Privacy Act ("CCPA") was enacted in early 2018 as a political compromise to stave off a poorly drafted, and plaintiff’s friendly ballot initiative. Although the CCPA is scheduled to go into force in...more
On November 23, the European Data Protection Board (“EDPB”) - the gathering of all European Union (EU) data protection authorities - adopted new draft guidelines on territorial scope of the GDPR. The EDPB was previously known...more
The European Union's General Data Protection Regulation ("GDPR") is arguably the most comprehensive - and complex - data privacy regulation in the world. Although the GDPR went into force on May 25, 2018, there continues to...more
On May 25, 2018, at the effective date of the General Data Protection Regulation (“GDPR”), the European Data Protection Board (“EDPB”) adopted its “Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679”...more
The European Data Protection Board (“EDPB“) has published a letter sent to the European Parliament in relation to the revised Payment Services Directive ((EU) 2015/2366) (“PSD2“)....more
The EU-US Privacy Shield is one of the legal mechanisms enabling the transfer of personal data outside the European Economic Area to US companies that have self-certified to a number of privacy principles (which correspond to...more
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez - Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
On June 12, 2018, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed a resolution calling on the European Commission to suspend the EU-U.S. Privacy Shield unless the U.S. fully...more
Less than one week after replacing the now defunct Article 29 Working Party (WP29), the European Data Protection Board (EDPB) has adopted new guidelines on the EU General Data Protection Regulation (GDPR) and issued a...more
Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation - The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection...more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to...more
Answer: The Article 29 Working Party is the name of an advisory body established in 1996 by Article 29 of Directive 95/46/EC. The role of the Working Party is to provide independent counsel to the European Commission on...more
The European Union’s General Data Protection Regulation (“GDPR”) is arguably the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018,...more
On April 19, 2018, the Article 29 Working Party (Working Party), which is comprised of representatives from the data protection authorities in each of the 28 European Union (EU) member states, issued a position paper stating...more
On April 19, 2018, the statutorily-appointed independent EU advisory body known as the Article 29 Working Party (“WP29”) published a Position Paper on the derogations from the obligation to maintain records of processing...more
On 11 April 2018 the EU’s authority on data protection – the Article 29 Working Party, or WP29 – released new guidance on encryption standards, providing an important indication of the EU’s approach to data protection....more
On Feb. 6, 2018, the Article 29 Working Party (Working Party 29) published Working Paper 261 (WP 261), which provided guidance on the provisions of Article 49 of the European Union’s (EU) General Data Protection Regulation...more
Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States....more
Google grants just under half the requests seeking to remove Internet links, according to the latest report from the company....more