In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global...more
Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
The Data Protection Authority (“DPA”) of the German state Hamburg is one of the first European DPA to publish an optimistic assessment on the U.S. Executive Order on “Enhancing Safeguards for United States Signals...more
In this month’s Privacy & Cybersecurity Update, we examine the Illinois Supreme Court’s decision in a case involving workers compensation and the state’s Biometric Information Privacy Act, U.K. data transfer regimes before...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
Most biometric readings require your presence in the same space as the measuring tools. Facial recognition, retinal capture, fingerprints or hand geometry, even biomarked scents are measured in close physical proximity. The...more
There has been an uptrend in recent years of employers using a variety of technological tools to supervise their employees and oversee the quality of their work. The use of these tools has become more prevalent due to the...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
It was announced today that the Hamburg data protection authority (DPA) has imposed a fine of a whopping €35,258,707.95 on the fashion retailer H&M Hennes & Mauritz Online Shop A.B. & Co. KG, which is based in Hamburg....more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
As the coronavirus has spread worldwide to reach pandemic level, employers are putting into place measures group-wide to limit risks of contagion within the work place. Some of these measures have led companies to question...more
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie...more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a...more
The GDPR is wrapping up its first year and moving full steam ahead. This principles-based regulation has had a global impact on organizations as well as individuals. While there continue to be many questions about its...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
The European Union’s top court ruled last week that the operator of a Facebook fan page is a “joint controller,” along with Facebook, with respect to personal data collected on such pages. The decision has implications for...more
The EU-US Privacy Shield, designed to protect EU citizens’ personal data when it is transferred to US organisations, has now been in place for a couple of months. How is it shaping up?...more
With the August 1st start of the Privacy Shield, the European Commission’s new and long-awaited transatlantic data transfer agreement with the U.S., businesses that had previously relied on the invalidated Safe Harbor scheme...more
The Düsseldorfer Kreis, a committee made up of representatives of German data protection authorities, recently published guidance on the requirements for obtaining valid consent to the collection, processing and use of...more
The Article 29 Working Party (The Working Party), which includes representative data protection authorities from each EU member country and the European Data Protection Supervisor, issued a 58-page opinion yesterday that...more