IAPP Global Privacy Summit Recap, Big Questions, and Indiana Jones Analogies
By its much anticipated judgment of 4 May 2023, the European Court of Justice (CJEU) specified the requirements under which data subjects affected by a breach of the GDPR can claim for compensation of non-material damages...more
On 18 January 2023, the European Data Protection Board ("EDPB") published a report on the work undertaken by its Cookie Banner Task Force to ensure a uniform approach regarding a number of cookie-banner-related complaints...more
The Data Act Proposal aims to provide fairness to data access and proposes new rules on who can use and access data generated in the EU across all economic sectors. It creates the obligation for manufacturers and designers to...more
Since the General Data Protection Regulation (GDPR) was enacted a little over 3 years ago in May 2018, many organizations that collect personal data of individuals in the European Union (EU) have enhanced their data privacy...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
On 10 February 2021, over two and a half years after the anticipated adoption of the e-Privacy Regulation, European Member States have agreed to a revised text. Portending a potential break in the three-year impasse, the...more
The Council of the European Union (Council) released a new draft of the ePrivacy Regulation (Council doc. 5642/21) on January 5, 2021. Various versions of the ePrivacy Regulation have been under consideration in the Council...more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
The Situation: On October 6, 2020, the Court of Justice of the European Union ("CJEU") held that the national security laws of the United Kingdom, France, and Belgium, which each require that providers of electronic...more
Last November, the Spanish Data Protection Authority (Spanish DPA) published its new Guidelines on the Use of Cookies within the framework of the GDPR and Spanish E-privacy rules. ...more
On June 19, 2020, the Conseil d’Etat, the highest administrative court in France, annulled in part the cookie guidelines issued by the CNIL (the French data protection authority). The court ruled that the CNIL did not have...more
On March 12, 2020, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority (DPA), published Guidance for data controllers on their data protection compliance obligations during the COVID-19 pandemic....more
Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. ...more
On 10 January 2017, the European Commission issued a proposal for a new ePrivacy Regulation (ePR) triggering a legislative process that is still ongoing. The proposed ePR was intended to replace the existing ePrivacy...more
The Information Commissioner’s Office or the “ICO” is the British supervisory authority charged with enforcing GDPR. The Commission Nationale de l’informatique et des libertes (the “CNIL”) is the French supervisory authority....more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
We are now over a year on from the major changes made to the European data protection regime by the GDPR so it is time to revisit what the changes mean now for the hospitality sector and investment in it, given increased...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the California attorney general's draft regulations on the California Consumer Privacy Act, the CJEU's clarified rulings on the use of cookies, the...more
The Court of Justice of the European Union (CJEU) published a judgment that echoes the recent developments discussed in our August update, "New Developments in EU for Cookies and Online Tracking." This is an important...more
Join us on Thursday 19 September for the Hogan Lovells Privacy and Cybersecurity KnowledgeShare in London. We will share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection...more
The interaction between the General Data Protection Regulation (2016/679) (“GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”) has been vexing for some time now. As a...more
The Situation: The European Union's Cybersecurity Act becomes effective on June 27, 2019. The Result: The Act will strengthen the ability of the European Union Agency for Network and Information Security ("ENISA") to help...more
On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation...more
On March 15, 2019, the European Data Protection Board published Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks, and powers of data protection...more
This is the sixth issue of WilmerHale’s 8-in-8 Recent Trends in European Law and Policy Alert Series. Our attorneys will share insights on current and emerging issues affecting companies doing business in Europe and across...more