On November 23, the European Data Protection Board (“EDPB”) - the gathering of all European Union (EU) data protection authorities - adopted new draft guidelines on territorial scope of the GDPR. The EDPB was previously known...more
The European Union's General Data Protection Regulation ("GDPR") is arguably the most comprehensive - and complex - data privacy regulation in the world. Although the GDPR went into force on May 25, 2018, there continues to...more
On May 25, 2018, at the effective date of the General Data Protection Regulation (“GDPR”), the European Data Protection Board (“EDPB”) adopted its “Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679”...more
The European Data Protection Board (“EDPB“) has published a letter sent to the European Parliament in relation to the revised Payment Services Directive ((EU) 2015/2366) (“PSD2“)....more
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez - Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
On June 12, 2018, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed a resolution calling on the European Commission to suspend the EU-U.S. Privacy Shield unless the U.S. fully...more
Less than one week after replacing the now defunct Article 29 Working Party (WP29), the European Data Protection Board (EDPB) has adopted new guidelines on the EU General Data Protection Regulation (GDPR) and issued a...more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to...more
Domain name registrars and registries might soon be changing their mantra from, “I think ICANN,” to, “Maybe ICANN’T,” when it comes to providing publicly available WHOIS information for domain name registrants. New potential...more
In this month's edition of our Privacy & Cybersecurity Update, we discuss the Article 29 Data Protection Working Party's critique of the Privacy Shield and the Sixth Circuit's decision to consider the issue of computer fraud...more
Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party (Working Party) of EU data protection regulators has issued its own report...more
The EU and U.S. competent authorities have one year to implement the recommendations that the Article 29 Working Party (WP29, which is a gathering of all EU national data protection authorities) made in its opinion of...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
On October 18, 2017, the Article 29 Working Party (the “WP29”) published Guidelines clarifying the new profiling and automated decision-making provisions of the General Data Protection Regulation (“GDPR”). European Union...more
An English-Language Primer on Germany’s GDPR Implementation Statute. Expanding on his recent article for Bloomberg BNA, Alston & Bird associate Dan Felz offers a multipart primer on Germany’s new GDPR implementation statute....more
Global companies face stricter rules on employee data privacy, in particular when using social media and internal monitoring tools. It also now becomes clearer that many EU Member States will use the opening clause of Art. 88...more
The General Data Protection Regulation is coming, and along with it, a significant expectation of increased harmonization in the privacy rules across the EU. Considering the 60-plus articles which directly impose obligations...more
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies...more
If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more
In this edition of our Privacy & Cybersecurity Update, we examine a district court ruling against Wendy's that continues a shift toward an increase in merchants' data protection responsibilities and the Article 29 Working...more
The EU General Data Protection Regulation’s (GDPR) requirements are coming into focus quickly as EU data protection authorities continue to issue guidance on different aspects of the law. On April 4, 2017, the Article 29...more
In the context of increasing cyber-attacks on major corporate organisations, small businesses and government, data protection and cybersecurity is a hot topic. Added to this, the GDPR—a strict new regulatory regime in...more
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more
Davis Wright Tremaine hosted its fourth conference on the legal, regulatory, and commercial landscapes surrounding these rapidly emerging fields. What are the big lessons for your business? Cloud computing and big data...more
Following twenty-seven EU and U.S. non-profit organizations in their letter of March 16, the Article 29 Working Party (WP29) in its opinion n° 01/2016 of April 13 and the EU Parliament in its resolution of May 26, it is now...more