Advocate General Spielmann opines that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another....more
2/20/2025
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
EDPS ,
EU ,
General Data Protection Regulation (GDPR) ,
Legal Opinion ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Transparency
The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity....more
2/20/2025
/ Affiliates ,
Civil Monetary Penalty ,
Corporate Fines ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Personal Data ,
Privacy Laws
Companies subject to India’s new data protection law should assess practical implications.
The Indian parliament enacted India’s first comprehensive data protection law on 11 August 2023, namely the Digital Personal Data...more
Organisations must provide individuals with information on the specific recipients of their data upon request.
The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year.
The European Data Protection Board (EDPB) has announced that its coordinated...more
3/27/2023
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Harmonization ,
Personal Data
The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements.
On 7 September 2022, the Information Commissioner’s Office...more
Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role.
The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current...more
8/19/2022
/ Anonymization ,
Compliance ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Security ,
Electronic Communications ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Proposed Legislation ,
UK ,
UK Data Protection Act
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
The Advocate General argues that organisations should provide individuals with information on the specific recipients of their personal data.
Advocate General Giovanni Pitruzzella (AG) of the Court of Justice of the...more
The EDPB sets out relevant steps and factors that EU supervisory authorities should consider when calculating administrative fines under the GDPR.
On 16 May 2022, the European Data Protection Board (EDPB) adopted draft...more
6/1/2022
/ Data Controller ,
Data Processors ,
Data Protection ,
Draft Guidance ,
European Data Protection Board (EDPB) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Infringement ,
Personal Data ,
Statutory Penalties ,
Trademark Infringement
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations.
The use of card, contactless, and innovative digital payment solutions has significantly...more
11/9/2021
/ Anti-Money Laundering ,
Bank Secrecy Act ,
CNIL ,
Consultation ,
Data Collection ,
Data Protection ,
Data Protection Authority ,
European Central Bank ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Mobile Payments ,
Open Payments ,
Payment Systems ,
PCI-DSS Standard ,
Personal Data ,
Sensitive Personal Information ,
White Papers
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Die Datenschutzorganisation noyb droht mit über 10.000 Beschwerden wegen möglicher rechtswidriger Verwendung von Cookies.
Am 31. Mai 2021 startete die Datenschutzorganisation noyb (die Abkürzung steht für „none of your...more
As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes.
The end of the Brexit transition period on 31 December 2020 will have...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...more
As contactless transactions boom, EU regulators publish draft guidelines on the interplay between the GDPR and PSD2.
Last year, more than half of all payments in the UK were made by card and contactless methods, while cash...more
11/4/2020
/ Anti-Money Laundering ,
Anti-Terrorism Financing ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Guidance ,
Payment Systems ,
Personal Data ,
PSD2
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more