Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
On October 7, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on obligations following from the use of processors and sub-processors (the “Opinion”). The EDPB is the body that seeks to ensure harmonised...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
The European Data Protection Board (EDPB) recently adopted a statement suggesting the Data Protection Authorities’ (DPAs) role with regard to the EU AI Act recently published in the Official Journal of the EU....more
The opinion was issued in response to a request by the French Data Protection Authority and provides guidance on the conditions for determining a controller's main establishment where that controller has establishments in...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
Ever since the White House issued its Executive Order to pave a path for the new EU-U.S. Data Privacy Framework, stakeholders have provided both praise and criticism about whether the Executive Order sufficiently addresses...more
Data subject access requests (DSARs) are a cornerstone of the data protection regime, being fundamental in helping individuals to exercise their rights. If individuals do not know what information an organisation has about...more
The European Commission (EC) has proactively reached out to the Dutch Data Protection Authority (DPA) to criticize its interpretation of legitimate interest under the GDPR. The criticism is in response to enforcement actions...more
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by...more
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
On 18 June 2021, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued a joint opinion on the European Union’s proposed AI Regulation, which was announced earlier this year....more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
The Portuguese data protection authority issued a recent resolution ordering the Portuguese National Institute of Statistics (or INE) to stop sending personal census information to any countries outside of the EU that do not...more
Risks of non-compliance with the GDPR keep increasing with data protection authorities (DPAs) now ordering suspension of transfers of personal data to the U.S. In March, the Bavarian DPA found there was an unlawful transfer...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways: Area of...more
Keypoint: The EDPB’s much-anticipated recommendations will help companies identify the supplementary measures they need to put into place to comply with the CJEU’s Schrems II decision. Today, the European Data Protection...more
In this month's edition, we examine the Swiss data protection authority's comments on the validity of its data-sharing framework with the U.S., as well as the European Data Protection Board's guidance on joint controllers and...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
On September 3, 2020, The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee), met to discuss the future of future of EU-US personal data flows following the Schrems II decision. In...more
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
Last Friday, the European Data Protection Board (EDPB) released Frequently Asked Questions about the European Court of Justice's Schrems II case. ...more