The EU is close to finalizing the adoption of the Digital Services Act (DSA), which will impose new obligations on digital platforms regarding content moderation, due diligence for illegal content, and advertising...more
The European Union (EU) will soon be handed sweeping new rules to regulate the conduct of the largest digital platforms with the long-awaited Digital Markets Act (DMA). Following 15 months of intense negotiations on...more
3/31/2022
/ Antitrust Division ,
Antitrust Provisions ,
Corporate Counsel ,
Data Protection ,
Data Security ,
Digital Marketplace ,
Digital Markets Strategy ,
EU ,
General Data Protection Regulation (GDPR) ,
Popular ,
Targeted Digital Advertising ,
Technology Sector
On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new "Trans-Atlantic Data Privacy Framework" (the Framework). This would be the third framework for EU-U.S. personal data...more
The EU Parliament and the EU Council recently adopted their respective versions of the Digital Markets Act (DMA) and Digital Services Act (DSA), which intend to create new antitrust-related (DMA) and regulatory (DSA) rules...more
On February 2, 2022, the Belgian Data Protection Authority (DPA) found that the Interactive Advertising Bureau Europe (IAB) Transparency & Consent Framework (TCF), a tool used to record individuals' online ad preferences,...more
They State That Direct Collection of Personal Data by Non-EU Companies Is Not a "Data Transfer" Under the GDPR On November 18, 2021, the European Data Protection Board (EDPB) issued guidelines (Guidelines) that—for the first...more
As of September 27, 2021, companies relying on Standard Contractual Clauses (SCCs) to transfer personal data outside the European Union (EU) must use the new Standard Contractual Clauses (New SCCs) when signing data...more
New Set of SCCs for Data Transfers to Third Countries On June 4, 2021, the European Commission (EC) published its long awaited new set of Standard Contractual Clauses (New SCCs). This new data transfer mechanism allows for...more
On January 18, 2021, the European Data Protection Board (EDPB), comprised of all national supervisory authorities (SAs) of the European Union, published draft guidelines for data breach notification (the Guidelines)....more
2/12/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
On December 15, 2020, the European Commission (EC) unveiled a set of proposals to regulate digital platforms. The draft laws include antitrust-related requirements, addressed by the Digital Markets Act (DMA) and more general...more
On November 12, 2020, the European Commission (EC) issued a draft version of a new set of Standard Contractual Clauses (New SCCs). The long-awaited New SCCs include several modules that companies can use depending on the...more
On November 11, 2020, the European Data Protection Board (EDPB), comprised of the European data protection regulators (DPAs), issued two long-awaited sets of recommendations. These recommendations are critical for any...more
On September 7, 2020, the European Data Protection Board (EDPB) published draft guidelines (Guidelines) intended to clarify the roles of the parties processing personal data and when they are operating as controllers, joint...more
Over the last few days, the European Data Protection Board (EDPB), the European Data Protection Supervisor (EDPS) and various Supervisory Authorities (SAs) across Europe issued statements addressing the decision of the...more
The COVID-19 virus outbreak poses serious challenges to businesses operating globally, including in Europe. In response to the outbreak, governments worldwide are taking increasingly severe measures to fight the pandemic, and...more
3/26/2020
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Security ,
Personal Data ,
Privacy Laws
On February 7, 2020, the European Data Protection Board (EDPB) published draft guidelines on the processing of personal data in the context of connected vehicles and mobility related applications. If adopted in their current...more
3/10/2020
/ Automotive Industry ,
Connected Cars ,
Consultation ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data
On December 19, 2019, in the Facebook Ireland and Schrems (Schrems 2.0) case, the Advocate General (AG) to the European Court of Justice (ECJ)—European Union's highest court—opined that the EU Standard Contractual Clauses...more
12/23/2019
/ Binding Corporate Rules ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Supervisory Authorities (ESAs) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Right to Be Forgotten ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
US-EU Safe Harbor Framework
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan); among other things, the CNIL announced that it will issue new cookie guidance later this month...more
On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard...more
7/26/2019
/ Binding Corporate Rules ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Safe Harbors ,
Standard Contractual Clauses
On June 27, 2019, the EU Regulation on Information and Communication Technology (Cybersecurity Act or Act) became effective introducing, for the first time, EU-wide rules for the cybersecurity certification of products and...more
The UK's pending exit from the European Union on March 29, 2019, will have far-reaching effects on many business activities, including the processing of personal data. While the ultimate legal implications are subject to...more
In yet another round of Schrems versus Facebook, on January 25, 2018, the Court of Justice of the European Union (CJEU) ruled that privacy activist Max Schrems is a consumer with regard to his Facebook profile despite his...more
On October 3, 2017, the High Court of Ireland issued its decision in Data Protection Commissioner vs Facebook and Schrems1 concerning the validity of the EU Standard Contractual Clauses (SCCs)—a mechanism used by a very large...more
The EU Parliament Committee in charge of reviewing the EU Commission's Proposal for an e-Privacy Regulation (Proposal) released a Draft Report proposing amendments this week....more
6/23/2017
/ Bluetooth ,
Data Protection ,
Do Not Call List ,
e-Privacy Directive ,
Electronic Communications ,
Encryption ,
EU ,
General Data Protection Regulation (GDPR) ,
Opt-In ,
Web Tracking ,
Wifi
On July 26, 2016, the body of European Data Protection Authorities (DPAs)—the "Article 29 Working Party" (WP29)—issued a statement commending the improvements made to the EU-U.S. Privacy Shield (Privacy Shield). Although the...more