Dutch data privacy officials recently imposed a staggering penalty on Uber – €290 million ($324 million) – for allegedly breaching the European Union’s comprehensive data privacy and security law. This groundbreaking fine is...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
Privacy regulators, including the EU data protection authorities (EU DPAs), are expected to increase their scrutiny of data scraping to train AI algorithms. Data scraping involves the collection of large amounts of publicly...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
The French Data Protection Authority capped off 2022 by terminating an investigation into Lusha Systems, Inc.’s compliance with GDPR. CNIL concluded that the law did not apply to the US company’s activities...more
Greece’s privacy protection authority recently announced it was fining Intellexa, an Israeli cyber tech company, EUR 50,000. The Hellenic Data Protection Authority (HDPA) imposed the fine as part of an investigation it...more
The regulation of cookies and similar tracking technologies is rapidly evolving, not only in the European Union and United Kingdom but also in the United States and globally. If you have visited a website recently, you might...more
As companies brace for the impact of COVID-19, the last thing on everyone’s mind may be proactive privacy compliance obligations. Certainly, companies may be thinking about privacy obligations that relate specifically to...more
FBI Issues Updated Ransomware Guidance - A recent report from New Zealand-based cybersecurity firm Emsisoft has revealed the extent to which ransomware is being used in cyberattacks in the United States. The first 9 months...more
White & Case Technology Newsflash - The development of autonomous vehicles has attracted significant attention in recent years. The technologies being used in order to enable vehicles to navigate without human assistance...more
French Data Protection Authority Issues Guidelines on Cookie Use - CNIL, France’s data protection authority, has released new rulesfor obtaining consumer consent under the GDPR for companies using cookies and other tracking...more
On July 18, 2019, the French Data Protection Authority (CNIL) issued new guidance on the use of cookies and similar tracking technologies (collectively referred to as “cookies” below). The guidance clarifies the instances in...more
Data protection authorities in the UK and France have released updated guidance for website operators that use cookies on their websites. This new guidance may mandate changes to existing cookie banners and provides further...more
Why does this topic matter to organisations? Whereas the remedies and sanctions available to DPAs under the Directive were comparatively low (generally subject to a maximum of less than €1 million per infringement, with...more
One key aspect of the EU’s General Data Protection Regulation (GDPR) is its aim of streamlining the regulatory process by providing “one-stop shopping”: the opportunity to deal with a single regulator with respect to all data...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
On December 15, 2015, European Union (“EU”) politicians and officials reached a political agreement on a new EU-wide legal framework to govern data sharing and collection and related consumer privacy rights. It is called the...more
The central European countries of Slovakia and Hungary are divided by a common 420-mile-long border. But that dividing line, and other European national borders, may now be a little more blurred due to a key ruling by the...more
After the decision of October 6, 2015, of the Court of Justice of the EU (CJEU) invalidating the decision from the EU Commission (Decision 2000/520) on the Safe Harbor, transfer of personal data to the U.S. based on Standard...more
Following the ECJ’s decision in the “Schrems” case which has invalidated the Safe Harbor framework multinational corporations may now face profound privacy law related compliance issues in a multitude of jurisdictions. In the...more
The European Court of Justice (ECJ) has struck down the 15-year-old “Safe Harbor” agreement that permitted companies operating in Europe to transmit personal user data to the United States, as long as the U.S. ensures an...more
On October 6th, the European Court of Justice (ECJ) issued its opinion in Schrems v. Data Protection Commissioner (C-362/14), a case which, among other things, challenged the validity of the European Commission’s 2000 finding...more
The Court of Justice of the European Union ruled this morning that the Safe Harbor regime, which enables transatlantic data transfers from the European Union to the United States, is invalid, thereby giving each national...more
The issue of cross border data transfer—including employee data— that is. Four years ago, Austrian law student Max Schrems attended a semester abroad study at Santa Clara University in Silicon Valley, where he heard one...more