Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
The European Union (EU)’s government organizations are just like any another entity trying to function in a world where global companies and even government entities are reliant on digital platforms for messaging and...more
At the end of June, the European Data Protection Board (EDPB) published its Recommendations (Recs) on Binding Corporate Rules (BCRs). Among other things, the Recs require existing and in process BCRs to: - Incorporate...more
On May 22, Ireland’s Data Protection Commission (DPC) announced that it had imposed a €1.2 billion fine on Meta Platforms for violating the European Union’s General Data Protection Regulation (GDPR) in its use of standard...more
In a recent non-binding opinion, EU regulators expressed timid positivity about the European Commission’s draft adequacy decision on the EU-US transatlantic data flows framework (Data Privacy Framework or DPF). While some...more
On 18 January 2023, the European Data Protection Board (the “EDPB”) announced the adoption of a report on the work undertaken by the Cookie Banner Task Force (the “Task Force”). The Task Force was formed in September 2021 for...more
Background Note: Data privacy has become a critical issue in the digital era, with laws and regulations constantly evolving. As a result, it’s important for cybersecurity, information governance, and legal discovery...more
Hailed as an alternative approach to the EDPB’s transfer impact assessment, the ICO, with its updated international transfer guidance and its new TRA tool, aims to empower innovation and growth whilst protecting personal...more
The EU released its draft adequacy decision for the EU-US Data Privacy Framework, but all is not smooth sailing. As we wrote in October, the US developed the proposed new framework in response to the declared inadequacy of...more
Since Schrems II invalidated the US/EU Privacy Shield, the flow of personal data from the European Union to the United States has been subject to intense regulatory scrutiny. Companies transferring personal data to the United...more
The European Commission has published its long-awaited draft of the new EU-US Data Privacy Framework, available here. The Data Privacy Framework will replace the Privacy Shield decision that was invalidated in July 2020 by...more
US and EU Life Sciences Law firms Fieldfisher & Gardner Law recently held a CLE event in Silicon Valley covering Healthcare Compliance, Data Privacy and Regulatory hot topics for MedTech and Pharma companies. Discussion...more
Deadline to adopt EU Standard Contractual Clauses - Many organizations uses the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from the European Economic Area (EEA) to other...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
California Privacy Protection Agency Releases Draft CPRA Regulations - The California Privacy Protection Agency (CPPA) just released proposed California Privacy Rights Act (CPRA) regulations. The regulations expand...more
On 23 May 2022, the data privacy activist group ‘none of your business’ (noyb) published an open letter on the planned EU-US data transfer deal. ...more
It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II. Many have been wondering “what’s next”? Will there be a replacement framework? When will that be...more
The European Union (EU) and United States have reached a “deal in principle” to establish a new Trans-Atlantic Data Privacy Framework (Framework), which is meant to foster the exchange of data between the EU and U.S. This new...more
On 6 April 2022, following the announcement of the political agreement on a new EU-US Trans-Atlantic Data Privacy Framework having been reached between the European Commission and the United States on 25 March 2022, the...more
On March 25, 2022, the European Union (EU) announced that the United States and the EU had reached an agreement in principle to replace the EU-U.S Privacy Shield framework, which the European Court of Justice (CJEU) struck...more
On 25 March 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the U.S. and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for...more
In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review...more
Here are five things you should know about Google Analytics, transfers and Schrems II. 1. Down to Middle Earth We Go Brush up on your J.R.R. Tolkien because Datatilsynet in its new guidance on cloud providers, says you...more
On 4 March 2022, the European Data Protection Board (EDPB) published a final version of its Guidelines on Codes of Conduct as tools for transfers of personal data to third countries (Guidelines), adopted during the EDPB...more
Following a similar case from Austria, the French data protection authority recently concluded that certain use of cookies placed by US data analytics tools violated GDPR. The case came before the CNIL as the result of a...more
The European Data Protection Board (EDPB) has provided further guidance on data transfers. Specifically, this most recent guidance clarifies what constitutes a “transfer.” While the concept of a transfer may seem...more