The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations...more
On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance...more
In a landmark judgment delivered on 29 January 2025, the General Court of the European Union has affirmed the European Data Protection Board‘s (EDPB) authority to require national supervisory authorities to broaden their...more
In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global...more
11/13/2024
/ Algorithms ,
Artificial Intelligence ,
Consent ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection Authority ,
Electronically Stored Information ,
EU ,
Machine Learning ,
Personal Data ,
Web Scraping
The Information Commissioner’s Office (ICO) has recently published guidance for employers on monitoring workers lawfully, transparently and fairly. The guidance aims to protect workers’ data protection rights and help...more
3/27/2024
/ Artificial Intelligence ,
Data Privacy ,
Data Protection ,
Electronic Monitoring ,
Email ,
Employee Monitoring ,
Employee Privacy Rights ,
Employer Liability Issues ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Remote Working ,
UK
It has been some time already since the EU Digital Services Act (Regulation 2022/2065, DSA) was published, and since then, the discussions about Very Large Online Platforms (VLOPs) and Very Large Online Search Engines...more
1/3/2024
/ Compliance ,
Data Protection ,
Digital Marketplace ,
Digital Service Providers ,
Digital Services ,
E-Commerce ,
EU ,
European Commission ,
Online Platforms ,
Regulatory Standards ,
Search Engines ,
Transparency
In this episode, our privacy lawyers, Claude-Étienne Armingaud, Whitney McCollum, and Camille Scarparo, sit down with Arya Tripathy, a partner at Priti Suri & Associates in New Dehli, and discuss together India’s newly...more
On 14 June 2023, the European Parliament (Parliament) plenary voted on its position on the Artificial Intelligence Act (AI Act), which was adopted by a large majority, with 499 votes in favor, 28 against, and 93 abstentions....more
Closing in on the fifth anniversary of the entry into force of the EU General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced on 22 May 2023 that it had fined the Irish subsidiary of...more
In this episode, Claude-Etienne Armingaud, Eleonora Curreri, and Camille Scarparo celebrate the fifth year anniversary of GDPR along with lawyers from our European offices; Thomas Nietsch and Andreas Müller (Berlin), Nóirín...more
On 27 October 2022, the Digital Services Act was published in the EU Official Journal as Regulation (EU) 2022/2065, with the aim to fully harmonize the rules on the safety of online services and the dissemination of illegal...more
Following the 2020 Court of Justice of the European Union’s (CJEU) ruling invalidating the Privacy Shield (see our alert here), personal data transfers from the European Union to the United States required EU companies to...more
6/23/2022
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Protection ,
EU ,
European Supervisory Authorities (ESAs) ,
France ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
Websites
European regulators unofficially announced the major theme of this new year, through the release of several decisions pertaining to cookies and other tracking technologies in the first 10 days of 2022. As the General Data...more
1/28/2022
/ CNIL ,
Consent ,
Cookie Banners ,
Cookies ,
Data Protection ,
Data Transfers ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Schrems I & Schrems II
Following the conclusion of the adequacy talks in March 2021, the European Commission adopted on 17 December 2021 an adequacy decision addressing the transfers of personal data to the Republic of Korea under the General Data...more
On 6 October 2021, the Court of Justice of the European Union (CJEU or the Court) issued a judgment in case C-882/19 following a request for a preliminary ruling by the Court of Appeal of Barcelona (the Referring Court). ...more
On 28 June 2021, within 48 hours of the expiration of the post-Brexit grace period under the UK-EU Trade and Cooperation Agreement, the European Commission has adopted two adequacy decisions addressing the transfers of...more
BACKGROUND - On 30 March 2021, the European Commission, in a joint statement with the Personal Information Protection Commission, the data protection authority of the Republic of Korea (Korea), declared that Korea ensured a...more
Depending on whether you are an optimist or a pessimist, it will have taken the European Commission either three years and two weeks (since the entry into force of the General Data Protection Regulation (GDPR) or eleven...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more
When the General Data Protection Regulation (GDPR) came into force throughout the European Union nearly three years ago, one of its most eye-catching features was its extraterritorial jurisdiction provisions. These extend the...more
With the Brexit transition period ending on 31 December 2020, and no deal in sight, the future of cross-border data transfers between the European Economic Area (the EEA) and the United Kingdom remains unclear. On 1 January...more
The European Data Protection Board (EDPB) published two sets of new guidelines on 2 September 2020, on the concepts of controller and processor (Guidelines 07/2020, the Guidelines) and on the targeting of social media users...more
Following the French Administrative Supreme Court (Conseil d’État) dated 19 June 2020 (see our alert here), the French Supervisory (CNIL) published on 01 October 2020 its updated guidelines (the Guidelines), replacing its...more
With the recent decision from the Court of Justice of the European Union invalidating the Privacy Shield framework and subjecting the Standard Contractual Clauses (SCCs) to higher standard of enforcement, global companies...more
The long awaited Schrems II decision was published by the Court of Justice of the European Union (CJEU) on 16 July 2020, and while it has already been summarized as the death blow to the Privacy Shield framework and the...more