On 9 July 2019, the Court of Justice of the European Union (CJEU) in Luxembourg heard a case brought by privacy-rights activist Max Schrems (C-311/18, Data Protection Commissioner v Facebook Ireland Limited, Maximilliam...more
The implementation of the European Union (EU)’s General Data Protection Regulation (GDPR) has raised a number of questions as to how best to approach cross-border discovery. Friction between legal holds and the “right of...more
The European Union's General Data Protection Regulation ("GDPR") is arguably the most comprehensive - and complex - data privacy regulation in the world. Although the GDPR went into force on May 25, 2018, there continues to...more
On May 25, 2018, at the effective date of the General Data Protection Regulation (“GDPR”), the European Data Protection Board (“EDPB”) adopted its “Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679”...more
The EU-US Privacy Shield is one of the legal mechanisms enabling the transfer of personal data outside the European Economic Area to US companies that have self-certified to a number of privacy principles (which correspond to...more
Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation - The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection...more
Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States....more
In this month's edition of our Privacy & Cybersecurity Update, we discuss the Article 29 Data Protection Working Party's critique of the Privacy Shield and the Sixth Circuit's decision to consider the issue of computer fraud...more
The Article 29 Working Party group (WP29) of European data protection authorities recently announced that they will legally challenge the adequacy of the Privacy Shield Framework unless the U.S. government addresses certain...more
On November 28, 2017, the EU’s Article 29 Working Party issued its report on the First Annual Joint Review of the EU-US Privacy Shield, which was conducted on September 18-19, 2017....more
Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party (Working Party) of EU data protection regulators has issued its own report...more
On December 6, 2017, the European Union’s Article 29 Working Party released two sets of guidelines on Binding Corporate Rules (“BCRs”) it had adopted a week earlier. BCRs are internal rules that define a group of companies’...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
What is a ‘personal data breach’? First things first, what exactly is a personal data breach? The GDPR defines it as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised...more
The Article 29 Working Party (WP29) recently issued guidelines regarding data controllers' notification obligations following security breaches involving the personal data of EU citizens....more
On October 18, the Article 29 Working Party released its draft of “ Guidelines on Automated individual decision-making and Profiling for the Purpose of Regulation 2016/679” (“Guidelines on Automated individual decision-making...more
The General Data Protection Regulation is coming, and along with it, a significant expectation of increased harmonization in the privacy rules across the EU. Considering the 60-plus articles which directly impose obligations...more
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies...more
If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more
In this edition of our Privacy & Cybersecurity Update, we examine a district court ruling against Wendy's that continues a shift toward an increase in merchants' data protection responsibilities and the Article 29 Working...more
The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has...more
Spanish Ministry of Justice Launches Public Consultation on GDPR. On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before drafting a new bill implementing the General...more
In the context of increasing cyber-attacks on major corporate organisations, small businesses and government, data protection and cybersecurity is a hot topic. Added to this, the GDPR—a strict new regulatory regime in...more
The FCA and PRA announced changes to enforcement process with the aim of strengthening the transparency and effectiveness of enforcement decision-making processes. Some of the changes have already come into force, the rest...more
On February 20, 2017, the Article 29 Working Party released procedures and a template complaint form for implementing the EU-US Privacy Shield. The procedures govern the functioning of the informal data protection authority...more