In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global...more
On October 24, 2024, the Irish Data Protection Commission (DPC) issued a press release announcing its EUR 310 million fine of LinkedIn over the platform’s use of member personal data in breach of the EU’s General Data...more
New rules just took effect in Brazil regulating international data transfers, and employers doing business in the country must take note. Covered data processing agents – such as companies in Brazil that transfer data to...more
On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection...more
Scope of the Regulation - On August 23, 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19/2024 (the “Regulation”), which addresses international transfers of personal data....more
The Irish Data Protection Commission (DPC) has welcomed X’s agreement to suspend its processing of certain personal data for the purpose of training its AI chatbot tool, Grok. This comes after the DPC issued suspension...more
The Knesset Constitution, Law, and Justice Committee has approved an amendment to the Israeli Privacy Protection Law (PPL). The amendment proposes extensive changes to the PPL, including granting additional enforcement powers...more
On January 27, 2022, the National Data Protection Authority (ANPD) published Resolution nr. 2, regulating the application of certain provisions of the General Personal Data Protection Act (LGPD) to small processing agents,...more
No dia 27 de janeiro de 2022, a Autoridade Nacional de Proteção de Dados (ANPD) publicou a Resolução n.º 2, regulamentando a aplicação de determinados dispositivos da Lei Geral de Proteção de Dados Pessoais (LGPD) a agentes...more
Last week we raised our hands to inform you about the Spanish Data Protection Authority’s approval of the "Code of Conduct on the processing of personal data in the field of clinical trials and other clinical research as well...more
On January 12, 2022, the French data protection authority (“CNIL“) published guidance on the reuse of personal data by processors for their purposes (“Guidance”). This the most recent guidance of a major EU regulator on a...more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
BB&K's Christina Morgan Talks About Data Privacy in Riverside Lawyer Magazine - Due to rising concerns about privacy in the digital world, in April 2016, the European Union adopted the General Data Protection Regulation...more
Q1/ Applicable legislation (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated. ———...more
On October 17, the Spanish data protection authority (AEPD) published the Guide to Privacy by Design (Guide). While Privacy by Design (PbD) first became a legal requirement in the EU with implementation of the General Data...more
Bahrain’s Ministry of Justice will temporarily assume the functions and powers prescribed to the Data Protection Authority (the “Authority”) under Bahrain’s new Personal Data Protection Law. (Decree No. 78 of 2019.) It will...more
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
The GDPR is wrapping up its first year and moving full steam ahead. This principles-based regulation has had a global impact on organizations as well as individuals. While there continue to be many questions about its...more
Why does this topic matter to organisations? Whereas the remedies and sanctions available to DPAs under the Directive were comparatively low (generally subject to a maximum of less than €1 million per infringement, with...more
The CNIL decision handed down on 21 January 2019, which cites violations of several GDPR obligations, provides important insights for groups wishing to benefit from the “one-stop-shop mechanism”. The Complaints - Not...more