On 26 July 2019, the Greek Supervisory Authority (SA) found Pricewaterhouse Coopers (“PwC”) not compliant with General Data Protection Regulation (GDPR) in relation to the processing of its Greek employees’ personal data. The...more
The EU Commission issued today a “Communication to the European Parliament and the Council” which is entitled “Data protection rules as a trust enabler in the EU and beyond- taking stock”, which outlines the current state of...more
Dear GDPR,
Before you were born, you already attracted a lot of attention, after all, not everyone is born over two years after they are conceived and has 28 parents! And your parents had to ?resist an enormous pressure...more
5/29/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Supervisory Authorities (ESAs) ,
General Data Protection Regulation (GDPR) ,
Personal Data
On January 23, 2019, the European Data Protection Board (“EDPB”) issued an interesting opinion about personal data processed in relation to clinical trials.
The main role of the EDPB – which succeeded the Article 29...more
2/21/2019
/ Clinical Trials ,
Consent ,
Data Collection ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Pharmaceutical Industry ,
Public Interest ,
Scientific Research
On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR.
As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your...more
1/23/2019
/ Consent ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Storage ,
Disclosure Requirements ,
Enforcement Actions ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Google ,
Online Advertisements ,
Personal Data ,
Privacy Policy ,
Terms of Service ,
Transparency
Our experience in advising clients about GDPR and assisting them in the compliance process is that there are often misconceptions about the so-called “right to be forgotten”. The purpose of this post is to address some of...more
Cultural gap between the EU and the US -
EU Data Protection Rules -
Why should you care about those rules?
..GDPR is « general » i.e. it applies to all activities including the Healthcare/Life Sciences.
..As of...more
In the European Union (“EU”), “everyone has the right to the protection of personal data concerning him or her” under the Charter of Fundamental Rights. Intellectual property is also protected as a fundamental right under the...more
On November 28, 2017, the EU’s Article 29 Working Party issued its report on the First Annual Joint Review of the EU-US Privacy Shield, which was conducted on September 18-19, 2017....more
The new GDPR is much more detailed than the 1995 Directive. The GDPR has 99 articles, versus 34 in the Directive. And a few new key concepts clearly require new guidance....more
Even though the GDPR is a general regulation, some provisions are expressly addressing the specificities of the processing of personal data in the healthcare/life science sectors....more
The clock is ticking: on May 25, 2018, in less than a year from now, the General Data Protection Regulation (“the GDPR”) will apply in all Member States of the European Union (“EU”) and will replace the Directive 95/46/CE...more
US companies with employees or clients in Switzerland will be interested to hear that the new Swiss-US Privacy Shield was approved on 11 January.
Although Switzerland is not a member of the European Union, its data...more
Reuters reported earlier this month that, according to three former employees, Yahoo Inc. had “complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo mail accounts at the behest of the NSA...more
What the recent Amazon decision tells us -
On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für...more
9/6/2016
/ Amazon ,
Austria ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Google ,
Hungary ,
Luxembourg ,
Member State ,
Personal Data ,
Preamble ,
Spain ,
Subsidiaries ,
Terms and Conditions
Article 29 Working Party on the EU-US Privacy Shield:
The EU’s Article 29 Working Party analyzed the final version of the Privacy Shield and issued a statement on July 26, 2016. What does this mean?...more
7/27/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Directive ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On 29 February the European Commission released its draft adequacy decision about the proposed Privacy Shield, which is intended to replace the invalidated EU-US Safe Harbor. While Microsoft stated on April 11 that they...more
The content of the Privacy Shield was made public yesterday and today.
The new framework dedicated to the EU / US flow of personal data is in fact a combination of several documents issued by the US and the EU....more
3/1/2016
/ Article 29 Working Party (WP29) ,
Department of Justice (DOJ) ,
Department of Transportation (DOT) ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
International Trade Commission (ITC) ,
Personal Data ,
Secretary of State ,
U.S. Commerce Department
In response to the announcement of the EU-U.S. Privacy Shield, the Article 29 Working Party issued its own statement, the key elements of which are as follows...more
What follows below is the EU’s press release regarding the agreement on a replacement for the EU-US Safe Harbor. We are working to get details and will schedule a webinar on the new framework shortly....more
2/3/2016
/ Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Press Releases ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On 15 December 2015, the three main European institutions, the Commission, the Parliament and the Council, agreed on the final text of the General Data Protection Regulation (GDPR) which has been on the table since January...more
The European Court of Justice has just issued a decision (ECJ 6 October 2015 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner) that invalidates the so-called US-EU “Safe Harbor” system. Suddenly, what 3,500...more
10/7/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Edward Snowden ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Personal Data ,
SCC ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework