Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more
On 17 December 2024, the European Data Protection Board (EDPB) adopted its opinion on certain data protection aspects related to the processing of personal data in the context of AI models (Opinion). The Opinion comes as a...more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data...more
Governing Data Protection Legislation - 2.1. Overview of principal legislation - The General Regulation Data Protection (Regulation (EU) 2016/679) (“GDPR”), as implemented by Law 190/2018 is the principal data...more
The updated guidelines (05/2021) from the European Data Protection Board (“EDPB”) issued on 14 February 2023 (the “New Guidelines”) look at the interplay of two fundamental, protective mechanisms contained in the EU GDPR....more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
The EDPB sets out relevant steps and factors that EU supervisory authorities should consider when calculating administrative fines under the GDPR. On 16 May 2022, the European Data Protection Board (EDPB) adopted draft...more
The concept of a “transfer” under Chapter V of the GDPR has always been a bit like obscenity. We didn’t have an authoritative definition, but with apologies to the late Justice Potter Stewart, we knew it when we saw it. And...more
The European Data Protection Board (EDPB) has provided further guidance on data transfers. Specifically, this most recent guidance clarifies what constitutes a “transfer.” While the concept of a transfer may seem...more
It is well known that the EU GDPR (specifically, Chapter V) restricts transfers of personal data from the EU to a “third country” (i.e. a jurisdiction outside the EEA) or to an international organisation. But what is meant by...more
On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which...more
On November 18, 2021, the European Data Protection Board (“EDPB”) issued guidelines on the interplay between provisions in the General Data Protection Regulation (“GDPR”) governing scope and applicability and those governing...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
Standard contractual clauses (SCCs) are a contract addendum with provisions governing the handling of personal information. The express language of the SCCs has been preapproved by the European Commission (Commission) to be...more
The European Commission’s long-awaited updates to the Standard Contractual Clauses (“SCCs”) have arrived. Data protection lawyers globally have eagerly anticipated these changes, which are necessary to address a legal...more
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
The European Commission has issued new Standard Contractual Clauses designed to facilitate international transfers of personal data in compliance with the GDPR. The new provisions better reflect the variety of global data...more
Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCCs) aimed at enabling lawful...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
On 10 March 2021, the European Data Protection Board (EDPB) published a press release about its 46th plenary session held on 9 March 2021. We look at some of the highlights below. ...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision. On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
On November 12, 2020, the European Commission (“EC”) published a draft implementing decision on standard contractual clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the General Data...more
American companies should take notice of some important developments in data privacy laws in the U.S. and in the European Union. California Privacy Rights Act - On November 3, 2020, California voters approved the...more