Significant developments in artificial intelligence, cybersecurity and consumer privacy occurred across the globe in 2021 with the anticipation of more activity in 2022. Our roundup for the year captures some of the major...more
On November 19, 2021, the European Data Protection Board (“EDPB”) issued draft guidance on the interplay between Article 3 of the General Data Protection Regulation (“GDPR”) and the provisions on international transfers...more
On June 7, 2021, the European Commission (Commission) published its long-awaited Implementing Decision adopting standard contractual clauses for the transfer of personal data to third countries referred to as the new Standard...more
What is the General Data Protection Regulation (GDPR)? The GDPR is an EU law that was passed by parliament and went into effect on May 25, 2018. The GDPR unifies the EU under a single data protection regime for all member...more
4/13/2021
/ Cookies ,
Cybersecurity ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
Web Tracking
On November 11, 2020, the European Data Protection Board (EDPB) published its long-awaited guidance on what parties to international data transfers should be doing to perform such transfers in a manner compliant with the...more
On October 1st, 2020, the Data Protection Authority of Hamburg (“DPA”) announced that it issued a massive EUR 35.3 million fine against the clothing company H&M Hennes & Mauritz Online Shop A.B. & Co. KG (“H&M”) for the...more
Assessment List for Trustworthy Artificial Intelligence -
On July 17, 2020, the European High-Level Expert Group on Artificial Intelligence (“AI HLEG”) presented its final Assessment List for Trustworthy Artificial...more
8/20/2020
/ Artificial Intelligence ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Ethics ,
European Commission ,
Human Rights ,
Information Governance ,
Popular ,
Privacy Concerns ,
Regulatory Oversight ,
Small and Medium-Sized Enterprises (SMEs) ,
Sustainable Business Practices ,
Transparency
EDPB and data protection authorities’ views and statements on the “Schrems II”- decision by the CJEU -
On 16 July, 2020, the European Court of Justice (“CJEU“) passed a decision invalidating the EU-US Privacy Shield and...more
7/30/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Whatever the outcome of Schrems 2.0, the key takeaway is, don’t panic. Today, July 16, 2020, the European Court of Justice (CJEU) is expected to rule in the case of Data Protection Commissioner Ireland v Facebook Ireland...more
The European Data Protection Board (EDPB) and a number of European data protection supervisory authorities have recently issued guidance on processing personal data, including special categories of personal data (i.e., health...more
3/17/2020
/ China ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Crisis Management ,
Cybersecurity ,
Data Management ,
Data Processors ,
Data Protection ,
Denmark ,
Employee Privacy Rights ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Ireland ,
Italy ,
Luxembourg ,
New Guidance ,
Norway ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Poland ,
Public Health ,
Risk Management ,
Spain ,
UK
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
12/16/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Processors ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Failure to Comply ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Treaty on the Functioning of the European Union (TFEU)
On June 28, 2019, the German parliament (Bundestag) passed new legislation imposing several changes to the current German Federal Data Protection Act (“BDSG”). Although many of the changes addressed privacy aspects of...more
7/3/2019
/ Cybersecurity ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
Deregulation ,
EU ,
General Data Protection Regulation (GDPR) ,
Germany ,
New Legislation ,
Personal Data ,
Policies and Procedures ,
Regulatory Requirements
The Bavarian Data Protection Authority (“BDPA”) took the “safer internet day” in February 2019 as an opportunity to conduct privacy checks on website operators....more
3/22/2019
/ Cookies ,
Cybersecurity ,
Data Protection ,
Enforcement Authority ,
Germany ,
Internet ,
Investigations ,
Popular ,
Regulatory Standards ,
Transparency ,
Vulnerability Assessments ,
Web Tracking ,
Websites
The EU-Japan Economic Partnership Agreement between Japan and the European Union (“EU”) recently came into force, creating the world’s biggest open trading zone that covers 635 million people and almost one-third of the...more
Just days after the European Union’s widely-discussed new data privacy regulations, the General Data Protection Regulation (“GDPR”), took effect on May 25, 2018, another EU-wide legal change quietly occurred. ...more
6/21/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Directive on Trade Secrets ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Trade Secrets
Germany is not only known as one of the best countries for enjoying beer and bratwurst, but it is also known as a country with some of the strictest data privacy laws on the planet. Within this environment, should companies...more
On December 7, 2015, more than two and a half years after the first draft, the European Union Council finally reached an important, informal agreement with the Parliament on important network and information security rules...more
Yesterday, German federal and state (Länder) data protection authorities ("DPAs") issued a Position Paper following the recent Court of Justice of the European Union ("CJEU") ruling that struck down the EU-US Safe Harbor...more
10/27/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Cloud Computing ,
Cybersecurity ,
Data Privacy ,
Data Protection Authority ,
European Commission ,
European Court of Justice (ECJ) ,
Germany ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
US-EU Safe Harbor Framework
The European Court of Justice’s (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
10/20/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Compliance ,
Cybersecurity ,
Data Protection Authority ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
The European Court of Justice's (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
1. CJEU finds Safe Harbor Invalid -
In a landmark ruling delivered today, Europe's highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission's US - EU Safe Harbour regime is...more
10/7/2015
/ Cloud Computing ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Due Diligence ,
EU ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Concerns ,
Privacy Policy ,
Safe Harbors ,
US-EU Safe Harbor Framework ,
Young Lawyers
Thousands of U.S. and European companies who rely on the EU–US Safe Harbor Framework to permit the transfer of personal data from the EU to the U.S., have come a step closer to seeing the transfer mechanism struck down....more
On June 12, 2015, the German Parliament (Deutscher Bundestag) passed an Act to Improve the Security of Information Technology Systems ("IT-Security Act"). The new legislation requires operators of so-called critical...more
6/19/2015
/ Cybersecurity ,
Data Protection ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Executive Orders ,
Healthcare ,
Information Technology ,
New Legislation ,
NIST ,
Obama Administration ,
Technology ,
Telecommunications ,
Traffic Laws ,
Water