The EU’s Digital Markets Act (DMA) imposes far-reaching ex ante obligations on the largest digital platforms, so-called “gatekeepers.” It applies in parallel with antitrust rules, national regulation (which can go beyond the...more
On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions to...more
On January 12, 2023, the Court of Justice of the European Union (CJEU) ruled that the data subject’s right of access to personal data requires controllers to provide the data subject with the identity of the companies that...more
2/2/2023
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personally Identifiable Information
In anticipation of its new powers to regulate the largest digital platforms, the EU is planning to open a San Francisco base to engage with these companies, which are based mostly in Silicon Valley and the broader Bay Area....more
On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new "Trans-Atlantic Data Privacy Framework" (the Framework). This would be the third framework for EU-U.S. personal data...more
New Set of SCCs for Data Transfers to Third Countries On June 4, 2021, the European Commission (EC) published its long awaited new set of Standard Contractual Clauses (New SCCs). This new data transfer mechanism allows for...more
On January 18, 2021, the European Data Protection Board (EDPB), comprised of all national supervisory authorities (SAs) of the European Union, published draft guidelines for data breach notification (the Guidelines)....more
2/12/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
On December 15, 2020, the European Commission (EC) unveiled a set of proposals to regulate digital platforms. The draft laws include antitrust-related requirements, addressed by the Digital Markets Act (DMA) and more general...more
On November 12, 2020, the European Commission (EC) issued a draft version of a new set of Standard Contractual Clauses (New SCCs). The long-awaited New SCCs include several modules that companies can use depending on the...more
On December 19, 2019, in the Facebook Ireland and Schrems (Schrems 2.0) case, the Advocate General (AG) to the European Court of Justice (ECJ)—European Union's highest court—opined that the EU Standard Contractual Clauses...more
12/23/2019
/ Binding Corporate Rules ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Supervisory Authorities (ESAs) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Right to Be Forgotten ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
US-EU Safe Harbor Framework
On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard...more
7/26/2019
/ Binding Corporate Rules ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Safe Harbors ,
Standard Contractual Clauses
On June 27, 2019, the EU Regulation on Information and Communication Technology (Cybersecurity Act or Act) became effective introducing, for the first time, EU-wide rules for the cybersecurity certification of products and...more
The UK's pending exit from the European Union on March 29, 2019, will have far-reaching effects on many business activities, including the processing of personal data. While the ultimate legal implications are subject to...more
On April 14, 2016, the European Parliament formally adopted the General Data Protection Regulation (GDPR). With this vote, the new EU data protection legal framework will become legally effective in two years and 20 days from...more
The last two months certainly have been eventful in the world of privacy. In this issue of The WSGR Data Advisor, we examine the Court of Justice of the European Union’s recent and highly significant Schrems decision that...more
11/20/2015
/ Comcast ,
Cybersecurity ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
HIPAA Audits ,
PCI-DSS Standard ,
Schrems I & Schrems II ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
Technical Conference ,
US-EU Safe Harbor Framework
On October 16, 2015, the body of European data protection regulators (Article 29 Working Party or WP29) issued a statement on the implementation of the judgement of the Court of Justice of the European Union (CJEU) in...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Model Contracts ,
Popular ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
Today, the Court of Justice of the European Union (CJEU), the EU's highest court, issued a groundbreaking decision that invalidates the EU-U.S. Safe Harbor program. Given the widespread reliance on the Safe Harbor framework...more
On June 15, 2015, the Ministers of Justice of all 28 European Union member states, sitting as the Council of the EU (Council), reached a crucial agreement for the future EU data protection legal framework. Much work still...more
In this issue:
- Proposed California Law Would Impose Data Breach Liability on Retailers and Create More Stringent Data Security Requirements for Businesses
- FTC Continues Its Aggressive FCRA Enforcement and...more
7/30/2014
/ Big Data ,
Breach Notification Rule ,
Data Breach ,
Data Protection ,
Enforcement ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Fair Credit Reporting Act (FCRA) ,
FCC ,
FTC v Wyndham ,
Privacy Laws ,
Text Messages ,
Texting ,
Wyndham
In this issue:
- Kaiser Foundation Health Plan Settles California Attorney General Charges over Delayed Data Breach Notification
- Status of the EU Regulation and the Safe Harbor Framework
- FTC Steps...more
Introduction -
On October 21, 2013, the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) held its long-awaited vote and adopted compromise amendments that would modify the...more
10/24/2013
/ Consent ,
Cookies ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
Internet ,
LIBE ,
Notice Requirements ,
Penalties ,
Personally Identifiable Information ,
Right to Delete
The years 2012 and 2013 have been particularly intense for legislators and privacy professionals globally. Many countries have enacted or are in the process of enacting/updating their data protection framework. In that...more
Originally published in "Privacy & Security Law Report" January 21, 2013.
One year ago (Jan. 25, 2012), the European Commission published its proposal to reform the European Union’s (EU) legal framework for data...more