Open insurance is a trend gaining traction throughout the global insurance industry. Similar to open banking, it involves the industry moving to a connected data ecosystem powered by open application programming interfaces...more
On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (the DPF). With immediate effect, the adequacy decision provides a new lawful basis for transfers from...more
7/14/2023
/ Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On 22 May 2023, the Irish Data Protection Commission (DPC) issued Meta Platforms Ireland Limited (Meta Ireland) with a EUR 1.2 billion (approximately 1.3 billion U.S. dollar) fine for breaches of the GDPR with respect to...more
On 4 May 2023, the European Court of Justice (CJEU) delivered its highly anticipated judgement in Österreichische Post (Case C-300/21) on a crucial issue: the extent to which data subjects affected by a breach of the GDPR...more
5/16/2023
/ Compensation ,
Court of Justice of the European Union (CJEU) ,
Damages ,
Data Breach ,
Data Collection ,
Data Retention ,
EU ,
General Data Protection Regulation (GDPR) ,
Infringement ,
Personal Data ,
UK
On February 24, 2023, the Cyberspace Administration of China (CAC) released the much-awaited Measures for the Standard Contract for Outbound Transfer of Personal Information (China SCC Measures) together with the issuance of...more
On July 18, 2022, the U.K. Government published a paper on its proposals for AI regulation “Establishing a pro-innovation approach to regulating AI” (the AI Paper). This was published alongside the Government’s AI Action...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
8/4/2022
/ Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Proposed Legislation ,
Suspicious Activity Reports (SARs) ,
UK ,
UK Brexit ,
UK Data Protection Act ,
UK GDPR
The U.K. Information Commissioner’s Office (UK ICO) recently confirmed the options and clarified the timing of new data transfer agreements for transfers of personal data out of the U.K. The situation has been somewhat...more
On September 10, the U.K. government launched a consultation “Data: A New Direction” (Consultation), which proposes significant changes to the U.K.’s data protection framework.
The U.K. government has signalled its...more
The United Kingdom Information Commissioner’s Office (ICO) recently launched a consultation regarding the transfer of personal data outside of the U.K. The ICO is seeking comment on its draft international data transfer...more
Last year’s European Court of Justice (ECJ) judgement in Data Protection Commissioner v Facebook Ireland LTD, Maximillian Schrems, C-311/18 (Schrems II) continues to have ramifications for cross border data transfers. The...more
In early June 2021, the European Commission adopted a new set of Standard Contractual Clauses for organizations to use to ensure compliance with the EU General Data Protection Regulation (GDPR) requirements for transfers of...more
Following on from this week’s big announcement by the European Data Protection Board (EDPB) on its expectations for international data transfers after the European Court of Justice’s July 16 Schrems II decision, the European...more
On July 16, the highest court in the European Union (EU), the Court of Justice of the European Union (CJEU), issued a landmark judgment in the case of Data Protection Commissioner v Facebook Ireland Limited, Maximillian...more
The General Data Protection Regulation (GDPR) provides that personal data may only be transferred to a country outside the European Economic Area (EEA) if that country ensures an adequate level of protection for personal...more
1/7/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Standard Contractual Clauses
On 21 March 2019, an advocate general (AG) of the Court of Justice of the European Union (CJEU) delivered an opinion that sheds light on key issues related to websites’ use of cookies — data packets that can be used by...more
The General Data Protection Regulation (GDPR) significantly expanded the territorial scope of EU data protection law. This was intended to ensure comprehensive protection for EU data subjects’ rights and establish a level...more
Six months have now passed since the implementation of the EU General Data Protection Regulation (GDPR). The GDPR has raised awareness of the importance of personal privacy as a fundamental right and placed data protection...more
11/28/2018
/ Consent ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
The advent of the European Union’s General Data Protection Regulation (GDPR) has prompted other countries and regions to work to enhance their privacy regulations to meet the GDPR standards. On July 17, Japan became the...more
8/29/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Japan ,
Personal Data ,
Popular
Almost a month has now passed since the General Data Protection Regulation (GDPR) entered into force. Apocalyptic predictions of huge global fines and regulatory action against businesses located outside the European Union...more
On October 18, 2017, the EU Commission released its report of the first annual review of the EU-U.S. Privacy Shield framework. The Privacy Shield is the successor of the Safe Harbor Agreement which was invalidated by the...more
10/23/2017
/ Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Popular ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The long-running legal challenge on the validity of transfers of personal data from the European Union reached another milestone last week. On October 3, the Irish High Court referred questions on the validity of EU Standard...more