Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
2022 DSIR Report Deeper Dive: Personal Data Deletion
Congress Tries to Wrangle Cyber and Crypto Industries
Who are the decision makers at INTERPOL's CCF?
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
Oklahoma: Changing Data Privacy as We Know It?
Privacy Talk | The New Swiss Data Protection Act
Update on Global Data Privacy Regulations by John Jackson
Nota Bene Episode 93: Navigating the New Global Cybersecurity Compliance Landscape with Scott Giordano
This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent in the EU, companies offering platforms, products, and services in both...more
On November 9, 2023, the European Parliament adopted the EU Data Act, a new regulation providing harmonized rules on access to data, switching cloud providers and interoperability requirements across the EU. It is widely...more
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy...more
The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules. On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more
The road to the adoption of a lasting framework for EU-U.S data transfers has been anything but smooth. Much like its predecessor, Safe Harbor, the EU-U.S Privacy Shield met its end in 2020 when the Court of Justice of the...more
The court determined that mere infringement of the GDPR is insufficient for a damages claim, but that there is no minimum threshold for non-material damages. In a recent judgment (Case C-300/21), the Court of Justice of...more
On January 18, 2022, the European Data Protection Board (the "EDPB") issued the Guidelines 01/2022 on data subject rights - Right of access (the "Draft Guidelines"), laying out its interpretation of Article 15 GDPR on the...more
The European Union has already enacted several Directives to allow (or mandate) the possibility for companies to access and re-use the data held by EU public administrations in the European Union. However, in many cases this...more
On 27 August 2021, the Swiss Federal Data Protection and Information Commissioner (FDPIC) formally recognised the new EU Standard Contractual Clauses (SCC) for international transfers from Switzerland to third countries if...more
The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data...more
The European Commission published a draft Adequacy Decision for the UK on 19 February. That document remains in draft, though it is understood to have successfully cleared the last formal approval stage required....more
Earlier this year, the European Data Protection Board (“EDPB”) issued additional guidance on the application of the General Data Protection Regulation (“GDPR”) in the area of scientific health research. In key takeaways...more
On 10 February 2021, over two and a half years after the anticipated adoption of the e-Privacy Regulation, European Member States have agreed to a revised text. Portending a potential break in the three-year impasse, the...more
The end of the Brexit transition period is upon us. As of 1 January 2021, the UK is a 'third country' under the EU General Data Protection Regulation (GDPR), though the transition period has been extended for up to six months...more
In spite of the holiday period, few will have missed the fact that the UK and the EU concluded a Trade and Cooperation Agreement on 24 December 2020. The Agreement provides a framework under which trade will take place...more
With the end of the Brexit transition period around the corner, companies doing business in the EU and UK must prepare for data protection change – and not only international data transfers. Our Privacy & Data Security Team...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision. On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
As contactless transactions boom, EU regulators publish draft guidelines on the interplay between the GDPR and PSD2. Last year, more than half of all payments in the UK were made by card and contactless methods, while cash...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
You are an American company. While you sell product or otherwise interact with Europe, and thereby collect personal information about European residents, you have no assets or facilities on that continent. Nonetheless, you...more
Data centre operators in Europe could benefit from Brexit and have already been preparing for years for precisely this scenario, including by expanding such data centre capacities in Continental Europe....more
The United Kingdom (UK) finally left the EU on 31 January 2020. The withdrawal agreement provides for the UK to continue to be treated largely as an EU member state until the end of the transition period on 31 December 2020,...more
The European Data Protection Supervisor, the independent European Union authority responsible for data protection regulatory oversight, issued a preliminary opinion on data protection and scientific research. The Opinion...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ——— (b) Relevant legislation includes: ...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ———...more