Fierce Competition Podcast | Below-Threshold Mergers: Global Antitrust Scrutiny
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Cross-Border Data Transfers and the EU-US Data Privacy Tug of War
What's Next after the Schrems II Decision of ECJ
Compliance Perspectives: The End of the Privacy Shield
Der Europäische Gerichtshof (EuGH) hat festgestellt, dass Kollektivvereinbarungen (wie bspw. Betriebsvereinbarungen) nur dann eine rechtliche Grundlage für die Verarbeitung von Beschäftigtendaten darstellen können, wenn sie...more
Global M&A in 2024 faced geopolitical issues, elevated interest rates, and inflationary pressures, with expanding antitrust, foreign investment, national security, and export regimes adding complexity. But inflation receded...more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
A recent judgment of the European Court of Justice (ECJ) sheds light on the question of whether a data controller can be exempted from liability for the error of a person acting under its authority....more
Valuable insights into the measures European regulators expect businesses to take to protect data privacy can be found in a report from the European Data Protection Board (EDPB) summarizing decisions under the EU’s General...more
On March 7, 2024, the European Court of Justice (CJEU) issued a landmark ruling on digital advertising and the concepts of personal data and joint controllership under the General Data Protection Regulation (GDPR)....more
In 2023, the European Court of Justice (ECJ) clarified the limits of applicants’ right of access requests under Article 15 of the European Union’s General Data Protection Regulation (GDPR) in landmark decisions with...more
Key Point: The European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework, which allows certain businesses to transfer data from the EU to the U.S. without the need for additional transfer...more
At the end of June, the European Data Protection Board (EDPB) published its Recommendations (Recs) on Binding Corporate Rules (BCRs). Among other things, the Recs require existing and in process BCRs to: - Incorporate...more
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
Since the European Court of Justice (ECJ) declared the “Safe Harbour” agreement—which had permitted U.S. companies to comply with EU restrictions on the transfer of personal data outside the EU—invalid in October 2015,...more
A Fresh Perspective on Data Protection and Damages - Opening statements by Peter Hense at a University of Vienna panel titled "EU Future Talks, Non-Material Damages for GDPR Violations: Quo Vadis Österreichische Post...more
Für alle Personalverantwortlichen gibt es spannende Neuigkeiten aus dem Bereich Beschäftigtendatenschutz: Aufgrund einer Entscheidung des EuGH (Urteil vom 30. März 2023, C 34/21) könnte § 26 BDSG, die zentrale deutsche Norm...more
It is, by now, well known that not taking data protection seriously can prove costly for organizations. Since the introduction of the European General Data Protection Regulation (the "GDPR") in 2018, non-GDPR-compliant...more
In April 2021, the European Commission proposed the EU Artificial Intelligence Act, a first-of-its-kind regulation by any global regulatory authority. The proposed Act is intended to establish harmonized rules on artificial...more
The GDPR allows individuals to request information about the “recipients or categories of recipients” to whom their personal data has been disclosed. In a recent ruling, the EU’s Court of Justice said data subjects get to...more
As we wrote in July 2020, the European Court of Justice issued a landmark decision that invalidated the Privacy Shield as untenable under the European General Data Protection Regulation (GDPR). The decision sparked...more
While claims for damages in the event of data protection violations have theoretically existed for some time, they have been gaining in importance since the introduction of the General Data Protection Regulation ("GDPR")....more
In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review...more
Personal data transfers from the European Economic Area (“EEA”) to most other countries, including the United States, require companies to take prompt compliance action. The General Data Protection Regulation (“GDPR”)...more
In June, the European Commission published the final version of a new set of standard contractual clauses (SCCs) that can be used to comply with the EU’s General Data Protection Regulation (the “GDPR”). These clauses are of...more
NGE Corporate & Securities partner John Koenigsknecht recently interviewed Data Privacy & Information Governance partner David Wheeler about the new standard contractual clauses and the complex task of assessing and...more
In a notable application of the European Court of Justice’s “Schrems II” decision, the data protection authority for the German state of Bavaria recently held that use by a German entity of US-based MailChimp (which use...more
Germany's Federal Constitutional Court holds that the question should be referred to the European Court of Justice - Is a data subject entitled to compensation from a controller or processor if the data subject's GDPR...more
Concerns are mounting for companies around the world as they consider their ability to transfer data from the EU following the recent decision by the Court of Justice of the European Union in Data Protection Commissioner v....more