Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
The European Data Protection Board (EDPB) recently adopted a statement suggesting the Data Protection Authorities’ (DPAs) role with regard to the EU AI Act recently published in the Official Journal of the EU....more
The opinion was issued in response to a request by the French Data Protection Authority and provides guidance on the conditions for determining a controller's main establishment where that controller has establishments in...more
The European Parliament voted on June 14, 2023 to adopt its position on the draft EU Artificial Intelligence Act (EU AI Act) that would impose a comprehensive regulatory regime on AI. More rules are expected to follow for...more
The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
Ever since the White House issued its Executive Order to pave a path for the new EU-U.S. Data Privacy Framework, stakeholders have provided both praise and criticism about whether the Executive Order sufficiently addresses...more
Data subject access requests (DSARs) are a cornerstone of the data protection regime, being fundamental in helping individuals to exercise their rights. If individuals do not know what information an organisation has about...more
The European Commission (EC) has proactively reached out to the Dutch Data Protection Authority (DPA) to criticize its interpretation of legitimate interest under the GDPR. The criticism is in response to enforcement actions...more
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
Der Europäische Datenschutzausschuss (EDSA) hat am 12. Mai 2022 Leitlinien zur Berechnung von Bußgeldern wegen möglicher DSGVO-Verstöße veröffentlicht (Leitlinien). Die Leitlinien sollen das Bußgeldrecht in den einzelnen...more
On 29 April 2022, the European Data Protection Board (EDPB) announced that data protection supervisory authorities in the EU (DPAs) had reiterated their commitment to cross-border cooperation and agreed to take specific steps...more
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by...more
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
On 18 June 2021, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued a joint opinion on the European Union’s proposed AI Regulation, which was announced earlier this year....more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
The Portuguese data protection authority issued a recent resolution ordering the Portuguese National Institute of Statistics (or INE) to stop sending personal census information to any countries outside of the EU that do not...more
Risks of non-compliance with the GDPR keep increasing with data protection authorities (DPAs) now ordering suspension of transfers of personal data to the U.S. In March, the Bavarian DPA found there was an unlawful transfer...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways: Area of...more
Keypoint: The EDPB’s much-anticipated recommendations will help companies identify the supplementary measures they need to put into place to comply with the CJEU’s Schrems II decision. Today, the European Data Protection...more
“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote for Daniel Solove’s Privacy+Security Academy...more