The European Data Protection Board's (EDPB) Opinion 28/2024 provides valuable insights into the intersection of artificial intelligence and data protection, particularly in the context of compliance with the EU General Data...more
The European Data Protection Board (EDPB) has issued an opinion on certain data protection aspects related to processing personal data in AI models. The opinion came after the Irish supervisory authority raised questions to...more
The French government has adopted a law aimed at regulating digital services. The new SREN law (Loi Visant à Sécuriser et à Réguler l'Espace Numérique) adapts French legislation to new EU regulations, including the Digital...more
On 4 May 2023 the European Court of Justice ("CJEU") published its decision (case no. C-300/21) in which it ruled that not any infringement of the General Data Protection Regulation ("GDPR") triggers the right to compensation...more
Europe is in the midst of a transformation of its regulatory strategy for digital technologies. The EU has passed or proposed a number of laws affecting digital service providers in a broad range of legal areas and sectors....more
The EU’s Digital Markets Act seeks to ensure that EU digital markets are contestable and fair. The act imposes a set of obligations on designated “gatekeepers” (i.e., providers of core platform services (CPSs), including...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
While claims for damages in the event of data protection violations have theoretically existed for some time, they have been gaining in importance since the introduction of the General Data Protection Regulation ("GDPR")....more
After months of anticipation, the European Data Protection Board (EDPB) adopted new Guidelines on the calculation of administrative fines under the GDPR in May 2022. With the newly released Guidelines, the EDPB seeks to...more
Analysis of the Baden-Württemberg Procurement Chamber on the admissibility of the use of IT services by European subsidiaries of U.S. cloud providers I. Background In its recently published decision (12 July 2022), a...more
On 26 July 2022, the Lower Saxony data protection authority ("Lower Saxony DPA") announced that it has imposed a fine of 1.1 million euros on Volkswagen ("VW") due to GDPR violations. It found that VW has violated data...more
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
A “Kafkaesque” bank customer service experience in France has led to a “Right to be Forgotten” own-goal. Following a decision handed down by the judicial tribunal of Grenoble, France, on 7 February 2022, a French bank has...more
In February 2022, the United Kingdom (UK) Information Commissioner’s Office (“ICO”), along with the data protection authority (“DPA”) in the UK, published three new documents ("UK Documents") which update the UK's position on...more
On 2 February 2022 the Belgian Data Protection Authority ("Belgian DPA") ruled that IAB Europe's Transparency and Consent Framework ("TCF") does not comply with the GDPR and fined IAB Europe €250,000. While the sanctions...more
The Austrian data protection authority (Österreichische Datenschutzbehörde; Austrian DPA) recently ruled that the use of Google Analytics violated Chapter V (transfers of personal data to third parties) of the EU General Data...more
2/3/2022
/ Australia ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II
Significant developments in artificial intelligence, cybersecurity and consumer privacy occurred across the globe in 2021 with the anticipation of more activity in 2022. Our roundup for the year captures some of the major...more
On November 19, 2021, the European Data Protection Board (“EDPB”) issued draft guidance on the interplay between Article 3 of the General Data Protection Regulation (“GDPR”) and the provisions on international transfers...more
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more