On 5 May 2022, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion (Opinion) addressing the legislative proposal of the European Commission for the EU Data Act,...more
On 21 April 2022, seven economies participating in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System announced the launch of the Global CBPR Forum to facilitate multinational cooperation in...more
With rapidly evolving developments regarding Russia and Ukraine, the FCA has reiterated that firms need to be vigilant of operational and cyber resilience....more
On 15 March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act 2022 (Cyber Incident Reporting Act). The House of Representatives passed the bill on 9 March 2022....more
On 15 February 2022, the European Data Protection Board (EDPB) launched the first coordinated enforcement action under the coordinated enforcement framework (CEF) which was set up in October 2021....more
On 2 February 2022, the Department for Digital, Culture, Media and Sport (DCMS) laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s...more
On 15 December 2021, the UK Government published its new National Cyber Strategy for 2022 based around the following five strategic pillars, representing the goals that the government intends to achieve by 2025, as first set...more
Employers are working in a new and disrupted world, with different volumes and types of data, processed for different purposes, including those driven by societal development, expectations and changing ways of working. These...more
On 18 November 2021, the European Data Protection Board (EDPB) adopted a statement (the Statement) on the recent legislative proposals issued as part of the European Commission’s Digital Services Package and Data Strategy. ...more
On 19 November 2021, the European Data Protection Board (EDPB) published the much-awaited draft guidance on the interplay between the provisions of the GDPR on territorial scope (in Article 3) and on international data...more
On 25 October 2021, the Administrative Court of Wiesbaden (the Court) announced its decision, issued in early October, to submit two questions to the Court of Justice of the European Union (CJEU) regarding the scope of the...more
On 21 October 2021, the Global Privacy Assembly (GPA) concluded its 43rd Closed Session, hosted virtually by the Mexican National Institute of Access to Information and Data Protection. During the course of the four-day...more
On 14 October 2021, the White House brought together the representatives of more than 30 national governments to address the transnational nature of the threat posed by ransomware attacks. The meeting resulted in a joint...more
10/18/2021
/ Biden Administration ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
Joint Statements ,
Popular ,
Ransomware ,
Regulatory Agenda ,
Risk Management
On 27 September 2021, the European Data Protection Board (EDPB) published its opinion on the draft adequacy decision of the European Commission in relation to the Republic of Korea (the Opinion). This is the first opinion on...more
On 8 September 2021, the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs published a briefing about the report that considered the ethical issues surrounding use of biometric...more
The Irish supervisory authority (Irish DPC) published its final decision to impose a fine of EUR 225 million on WhatsApp Ireland Ltd (WhatsApp)(on 2 September 2021). This decision follows a cross-border investigation into...more
On 2 August 2021, the Italian supervisory authority (Garante) announced that is has imposed a fine of EUR 2.5 million against a food delivery company Deliveroo Italy s.r.l. (Deliveroo) for violation of several requirements of...more
On 24 June 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued his opinion on the preliminary ruling request submitted by Germany's Federal Court of Justice (Bundesgerichtshof) in case...more
On 8 July 2021, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on 7 July. ...more
French CNIL issues guidance for organisations on transfer impact assessments, German DSK releases statement on supplementary measures and SCCs, and Hessian DPA comments on data transfer obligations (23 June 2021)....more
On 15 June 2021, the Court of Justice of the European Union (CJEU) issued its judgment addressing the operation of the GDPR one-stop-shop mechanism (OSS) in cross-border cases and the powers of national supervisory...more
The European Commission announced its proposal for a regulation that will amend the EU eIDAS Regulation and establish a framework for a European Digital Identity (the Proposal)(3 June 2021). ...more
On 25 May 2021, the Grand Chamber of the European Court of Human Rights (ECtHR) handed down its judgment in the case Big Brother Watch v United Kingdom (BBW), holding that the UK had breached the European Convention on Human...more
The UK has left the European Union (EU), the transition period is over, the UK and EU have agreed a new Trade and Cooperation Agreement (the TCA), so what now for data protection? We look at the key consequences of Brexit for...more
On 22 February 2021, the Presidency of the Council of the European Union (the Presidency) released the first compromise text of the proposal for a Regulation of the European Parliament and of the Council on European Data...more