Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
As cyberattacks become more sophisticated, cybersecurity remains a top concern for regulators, consumers, business partners, and investors. Weak security can cause substantial harm to a company and lead to litigation,...more
The Court of Justice of the European Union (CJEU) published the Advocate General's Opinion on whether the GDPR would restrict the sale of a database by court enforcement officers to satisfy creditor claims without the consent...more
In a significant milestone for EU-U.S. cross-border transfers of personal data under Article 45 of the General Data Protection Regulation (GDPR), the European Commission adopted an adequacy decision for the new EU-U.S. Data...more
On July 4, 2023, the European Commission (EC) published its proposal for a regulation laying down additional procedural rules for the enforcement of the EU General Data Protection Regulation (GDPR) (proposal). The proposal...more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
The updated guidelines (05/2021) from the European Data Protection Board (“EDPB”) issued on 14 February 2023 (the “New Guidelines”) look at the interplay of two fundamental, protective mechanisms contained in the EU GDPR....more
In a recent judgment, the Court of Justice of the European Union (the CJEU) has confirmed that Data Protection Officers (DPOs) can maintain other tasks and duties within their role, provided they do not result in a conflict...more
On February 2, 2022, the Belgian Data Protection Authority (“DPA”) issued a decision finding that the Interactive Advertising Bureau ("IAB”) Europe’s Transparency and Consent Framework (“TCF”) violates key provisions of the...more
Following a public consultation on an initial version released last January, the European Data Protection Board (“EDPB”) last month adopted a final version of its Guidelines on Examples regarding Personal Data Breach...more
On January 12, 2022, the French data protection authority (“CNIL“) published guidance on the reuse of personal data by processors for their purposes (“Guidance”). This the most recent guidance of a major EU regulator on a...more
It is well known that the EU GDPR (specifically, Chapter V) restricts transfers of personal data from the EU to a “third country” (i.e. a jurisdiction outside the EEA) or to an international organisation. But what is meant by...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
You are an American company. While you sell product or otherwise interact with Europe, and thereby collect personal information about European residents, you have no assets or facilities on that continent. Nonetheless, you...more
Even though the General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, its application to U.S.-based employers continues to evolve and increase in complexity. For U.S. employers of European Union (“EU”)...more
Keypoint: The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to...more
The GDPR prohibits a company from processing personal data unless one of six “lawful purposes” are present. One of those lawful purposes occurs when processing is necessary for a “legitimate interest pursued by the controller...more
The type of contractual provisions that a company is required by the GDPR to impose upon a service provider differ based upon two primary factors: (1) whether the service provider is a “processor,” a “controller,” or a “joint...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
BB&K's Christina Morgan Talks About Data Privacy in Riverside Lawyer Magazine - Due to rising concerns about privacy in the digital world, in April 2016, the European Union adopted the General Data Protection Regulation...more
It is not clear at this point whether joint and several liability attaches to the actions of joint controllers. The GDPR states that a data subject “may exercise his or her rights under this Regulation in respect of and...more
It depends. The GDPR prohibits a controller from “processing” personal data unless one of six situations, or permissible purposes, applies. As the GDPR defines processing to include the “disclosure by transmission,...more
Virtually all evidence, whether in litigation or arbitration or relating to investigations carried out by regulators or enforcement authorities, will contain some personal data. A year on from the EU General Data Protection...more
Why does this topic matter to organisations? In today's world, it is increasingly important to be able to move data freely to wherever those data are needed. However, the transfer of personal data to recipients outside the...more
Why does this topic matter to organisations? Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more