On 7 June 2024, in the case of Harrison v Cameron & Another, the High Court ruled that, in the context of a data subject access request under Article 15 UK GDPR, data subjects are entitled in principle to know the specific...more
On 6 June 2024, the Italian supervisory authority ('Garante') published its opinion that the Wikimedia Foundation, Inc ('Wikimedia'), a US-based non-profit which hosts the free-to-use encyclopaedia website Wikipedia, was not...more
The Court of Justice of the European Union (CJEU) published the Advocate General's Opinion on whether the GDPR would restrict the sale of a database by court enforcement officers to satisfy creditor claims without the consent...more
The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
9/15/2023
/ CNIL ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
France ,
General Data Protection Regulation (GDPR) ,
Risk Management
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The European Commission published its Proposal for a Regulation (on 4 July 2023) laying down additional procedural rules relating to the enforcement of GDPR (the Proposal), which aims to complement the GDPR by specifying the...more
The Court of Justice of the European Union (CJEU) published its decision in the case of J.M. v Pankki S (Case C‑579/21) on 22 June 2023....more
On 26 April 2023, in case T-557/20 (Single Resolution Board v EDPS), the Court of Justice of the European Union in its General Court configuration (the Court) annulled the decision of the European Data Protection Supervisor...more
The Court of Justice of the European Union (CJEU) issued on 4 May 2023 three decisions in cases concerning interpretation of key aspects of the GDPR. It also published three opinions of the Advocate General (AG). Below is a...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The Court of Justice of the European Union (CJEU) published its decision in Norra Stockholm Bygg AB v Per Nycander AB, C-268/2021 (Norra) on 2 March 2023. The CJEU held that the GDPR applies, in civil court proceedings, to...more
The German Data Protection Conference of supervisory authorities (DSK) issued a decision on how to evaluate the risk of personal data being accessed by non-EEA public authorities, or by a parent company, when processed by a...more
The Court of Justice of the European Union (CJEU) delivered its judgment in Case C-154/21 Österreichische Post (the Österreichische Post case) on 12 January 2023. The case relates to the interpretation of Art. 15(1)(c) GDPR,...more
On 12 October 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary meeting held on 10 October 2022....more
On 3 October 2022, the new Secretary of State of the Department for Digital, Culture, Media & Sport (DCMS), Michelle Donelan, announced plans to replace the EU GDPR with the UK’s own “business and consumer-friendly, British...more
On 27 July 2022, the Council of State (RVS), the highest administrative court of the Netherlands, published its decision in the VoetbalTV case regarding the interpretation of the legitimate interest legal basis for...more
On 30 June 2022, the EDPB published the documents adopted during its 66th plenary session....more
On 23 May 2022, the data privacy activist group ‘none of your business’ (noyb) published an open letter on the planned EU-US data transfer deal. ...more
On 6 April 2022, following the announcement of the political agreement on a new EU-US Trans-Atlantic Data Privacy Framework having been reached between the European Commission and the United States on 25 March 2022, the...more
On 10 February 2022, the French supervisory data protection authority (CNIL) announced that it issued a formal notice to a website operator to bring its data processing in relation to audience measurement and analysis in...more
On 2 February 2022, the Department for Digital, Culture, Media and Sport (DCMS) laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s...more
On 20 January 2022, the European Parliament finalised its position on the draft Digital Services Act (DSA), which was adopted with a broad majority during the plenary session....more
On 2 December 2021, the Court of Justice of the European Union (CJEU) published the Advocate General’s (AG) opinion in case C-319/20 (Facebook Ireland) (the AG Opinion) relating to the issue of whether Member State law may...more
In the past two weeks, there has been significant progress in relation to a number of pieces of proposed EU legislation relating to data protection, data governance, and digital markets....more
On 19 October 2021, the European Data Protection Board (EDPB) announced that it has published its final guidelines on the restrictions under Article 23 GDPR (Guidelines) following the end of its public consultation and...more