Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
X Agrees to Stop Processing EU Data to Train its Grok AI - Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data...more
In Part I, we discussed the European Commission’s (“Commission”) disapproval of Meta’s “pay or consent” subscription model. In Part II, we delve into the European Commission’s findings, prior findings by the European Data...more
The European Data Protection Board (EDPB) recently adopted a statement suggesting the Data Protection Authorities’ (DPAs) role with regard to the EU AI Act recently published in the Official Journal of the EU....more
Governing Data Protection Legislation - 2.1. Overview of principal legislation - The General Regulation Data Protection (Regulation (EU) 2016/679) (“GDPR”), as implemented by Law 190/2018 is the principal data...more
European Data Protection Board Publishes Strategy for 2024-27 - The European Data Protection Board (“EDPB” - the EU body tasked with promoting consistency and cooperation in enforcement of the GDPR) has outlined its...more
The European Union (EU)’s government organizations are just like any another entity trying to function in a world where global companies and even government entities are reliant on digital platforms for messaging and...more
The opinion was issued in response to a request by the French Data Protection Authority and provides guidance on the conditions for determining a controller's main establishment where that controller has establishments in...more
The European Data Protection Board (EDPB) during its 90th plenary session, on 14 February 2024, amongst other things: - adopted an opinion (the Opinion) on the notion of a controller’s main establishment, including...more
The European Data Protection Board (EDPB), a board comprised primarily of representatives of the data protection supervisory authorities of the European Union’s member states, issued surprising new guidance in mid-November...more
On 14 November 2023, the European Data Protection Board (EDPB) adopted guidelines on the technical scope of Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC, as amended) (ePD). This reflects the EDPB's intent to...more
NSA and CISA Release Report on “Top Ten” Cybersecurity Misconfigurations; CISA Calls for Software Manufacturers to Implement Best Practices - On October 5, 2023, the United States National Security Agency (NSA) and...more
This summer, the European Data Protection Board (“EDPB”) published the final version of its Recommendations 01/2022 (“Recommendations”) on Binding Corporate Rules for Controllers (“C-BCR”). During the turbulence caused by the...more
The General Data Protection Regulation (GDPR) is a difficult piece of legislation to comply with, and not meeting some of its requirements may lead to hefty fines of up to 4% of global annual revenues of the preceding year or...more
A decision issued on May 4, 2023 by the European Court of Justice (the "ECJ") provides clarifications that are particularly welcome when answering requests for access from data subjects. In this decision, the ECJ, in response...more
On May 22, 2023, Ireland’s Data Protection Commission (DPC) published its long-awaited decision in the Meta EU-U.S. data transfer case (Decision). In its landmark Decision, the DPC imposed a record 1.2 billion EUR fine and...more
It shouldn’t come as a surprise that the European Data Protection Board (EDPB), through Ireland’s Data Protection Commission (DPC), issued another fine against a large US technology company. What may come as a surprise is the...more
On May 22, Ireland’s Data Protection Commission (DPC) announced that it had imposed a €1.2 billion fine on Meta Platforms for violating the European Union’s General Data Protection Regulation (GDPR) in its use of standard...more
The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
The EDPB published its 2022 activity report “Streamlining Enforcement Through Cooperation” (the Activity Report) on 17 April 2023, which provides an overview of the work it carried out in 2022. The report reflects on, amongst...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
The updated guidelines (05/2021) from the European Data Protection Board (“EDPB”) issued on 14 February 2023 (the “New Guidelines”) look at the interplay of two fundamental, protective mechanisms contained in the EU GDPR....more
In a recent non-binding opinion, EU regulators expressed timid positivity about the European Commission’s draft adequacy decision on the EU-US transatlantic data flows framework (Data Privacy Framework or DPF). While some...more
We’re now approaching the five-year anniversary of the General Data Protection Regulation (GDPR) taking full effect. In the run-up to 2018 and the period afterwards, there were many predictions about the likely direction of...more
The European Data Protection Board (EDPB) issued its opinion on the draft adequacy decision of the European Commission (Draft Decision) regarding the EU-US Data Privacy Framework (DPF) on 28 February 2023. The DPF is a...more