The Digital Download – EU Edition – Alston & Bird’s Privacy & Data Security Newsletter – October 2018

Alston & Bird
Contact
LinkedIn
Facebook
X
Send
Embed

EU Updates

Applying GDPR Experiences to the CCPA
Alston & Bird recently issued an advisory entitled “Applying GDPR Process Lessons to the CCPA,” authored by Jim Harvey and Karen Sanzaro. The recently and hastily adopted California Consumer Privacy Act of 2018 (CCPA) has already been compared to the General Data Protection Act (GDPR), though the two greatly differ in scope and content. However, there are valuable insights to glean from the GDPR adoption process that can give companies a head start on implementing the CCPA.

Japan and EU Agree on Terms of Reciprocal Adequacy for Data Transfers
On July 17, the European Commission announced that the European Union and Japan successfully concluded talks on reciprocal adequacy and agreed to recognize each other’s data protection systems as equivalent. In its press release, the commission explained that this adequacy agreement will create “the world’s largest area of safe transfers of data based on a high level of protection for personal data.”

German DPA Announces GDPR Compliance Survey of Large Companies – Translation Provided
Following a two-year grace period, the EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multiyear project involving multiple teams and input or assistance from across the organization. In a prior blog post, we outlined the items we saw as particularly time- or resource-intensive.

GDPR Fragmentation May Appear More Significant Than Intended
With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only a fraction of Member States have effectively passed legislation, which still leaves the legal landscape precarious. The GDPR allows for deviations and specifications in several areas, for instance to introduce specific conditions or limitations for the processing of biometric, genetic, or health data; to create specific protection regimes for employee data; or to restrict the rights the GDPR grants to individuals. Businesses that operate in the EU are required to comply with both the legal framework of the GDPR and the (potentially deviating) national legal frameworks of the specific countries where they operate.

Privacy Activist Challenges Data Collection for Internet Businesses
Austrian privacy activist Max Schrems’s organization, NOYB – Center for Digital Rights, filed complaints against Google (Android), Instagram, WhatsApp, and Facebook on May 25, the same day on which the GDPR became effective. NOYB filed the complaints based on the GDPR with supervisory authorities in France, Belgium, Germany, and Austria. These “Day 1” complaints could have a definite impact on ad-supported online businesses.

EU Supervisory Authorities Disclose DPO Notification Tools
Shortly after the GDPR’s entry into application on May 25, 2018, several EU supervisory authorities have activated online data protection officer notification tools, allowing organizations to communicate the contact details of their DPO to the supervisory authorities, which is a requirement under Article 37 GDPR.

[View source.]

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Alston & Bird
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide