Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
How to avoid a €20m fine. Meritas guide to the steps companies should take to comply with GDPR
Data Privacy Trouble Surrounding Google Street View Cars Presents Lesson for Smaller Companies
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
For American companies doing business in Europe and European businesses relying on U.S. vendors and service providers, 2023 may be the year when Europe and the United States finally come together to implement a viable and...more
European data protection authorities kicked 2023 off with a bang when, on January 4, the Irish Data Protection Commission (DPC) announced that Meta Platforms Ireland would be fined a total of €390 million (roughly $414...more
The European Commission (EC) ended the year 2022 by making significant progress in its pending antitrust investigations against two of the largest digital platforms....more
Employers often want to have a data retention policy that works for all of their international operations. We look at the challenges with this approach and how to make it work in practice....more
New Set of SCCs for Data Transfers to Third Countries On June 4, 2021, the European Commission (EC) published its long awaited new set of Standard Contractual Clauses (New SCCs). This new data transfer mechanism allows for...more
The European Data Protection Board and European Data Protection Supervisor have published a joint opinion on the data protection aspects of the European Union's proposals for a Digital Green Certificate, a form of COVID-19...more
The United Kingdom’s Information Commissioner’s Office (ICO) finalized a new Code of Practice (the Code) in September 2020, which applies to most companies that offer online services to or otherwise collect personal data from...more
Article 45 of the GDPR allows the transfer of personal data from the EU to a third country when the third country ensures an “adequate level of protection” (adequacy decision). In determining “adequacy,” the GDPR provides...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
More than 60 U.S. and global data protection authorities and governmental agencies have issued guidance on health data collection, COVID-19 diagnosis disclosure, work-at-home practices, and return-to-work approaches. The...more
Global organizations need a clear, legal means to share data across borders, whether to conduct day-to-day business, comply with government regulations, perform under a contract, respond to lawsuits, or simply communicate and...more
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
The Data Protection Supervisory Authority for the state of Berlin (Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, “Supervisory Authority”) recently issued a fine for GDPR violations against Germany’s...more
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie...more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
The Situation: Fashion ID, a German online clothing retailer, embedded on its website the Facebook "Like" button. When a user consults the website of Fashion ID, that user's personal data are transmitted to Facebook Ireland....more
On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through...more
What can organizations learn from the first year of enforcement of the European Union’s General Data Protection Regulation (GDPR)? Quite a bit, if you pay attention to what the EU government regulators are doing....more
The GDPR is wrapping up its first year and moving full steam ahead. This principles-based regulation has had a global impact on organizations as well as individuals. While there continue to be many questions about its...more
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR....more
At the beginning of this month, more than 4,000 privacy professionals from around the globe gathered in Washington, D.C. for the International Association of Privacy Professionals’ Global Privacy Summit 2019....more
Why does this topic matter to organisations? EU data protection law provides data subjects with a wide array of rights that can be enforced against organisations that process personal data. These rights may limit the...more
Why does this topic matter to organisations? Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. Each and every data processing activity requires a lawful...more