Clearview AI Inc's successful challenge to the ICO’s £7.5 million fine focused on the limits of the UK GDPR’s jurisdictional reach, succeeding on the grounds that Clearview’s processing activities were outside the scope of...more
1/19/2024
/ Appeals ,
Artificial Intelligence ,
Corporate Fines ,
Data Collection ,
Data Processors ,
EU ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Jurisdiction ,
Law Enforcement ,
Personal Data ,
UK GDPR
On 8 March 2023, the newly-created Department for Science, Innovation and Technology (“DSIT”) introduced the UK government’s updated proposals for data protection reform in the shape of the Data Protection and Digital...more
4/12/2023
/ Compliance ,
Consent ,
Cookies ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
General Data Protection Regulation (GDPR) ,
Proposed Legislation ,
Regulatory Requirements ,
Small and Medium-Sized Enterprises (SMEs) ,
UK
The updated guidelines (05/2021) from the European Data Protection Board (“EDPB”) issued on 14 February 2023 (the “New Guidelines”) look at the interplay of two fundamental, protective mechanisms contained in the EU GDPR....more
3/17/2023
/ Data Controller ,
Data Processors ,
Data Protection ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
International Data Transfers ,
Personal Data
The UK government set out its detailed proposals for data protection reform on 18 July 2022 in the form of the Data Protection and Digital Information Bill. Compared with some of the radical ideas in the 2021 public...more
7/26/2022
/ Anonymization ,
Compliance ,
Consultation ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Subject Access Requests ,
EU Data Protection Laws ,
Proposed Legislation ,
UK
It is well known that the EU GDPR (specifically, Chapter V) restricts transfers of personal data from the EU to a “third country” (i.e. a jurisdiction outside the EEA) or to an international organisation. But what is meant by...more
12/2/2021
/ Consultation ,
Corporate Counsel ,
Data Controller ,
Data Processors ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Multinationals ,
New Guidance ,
Personal Data ,
Standard Contractual Clauses ,
Third Country Entities (TCEs)
In short, no. It is not necessary to use both the new SCCs and the new Article 28 clauses at the same time....more
The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data...more
7/9/2021
/ Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Member State ,
Personal Data ,
Standard Contractual Clauses ,
UK ,
UK Brexit
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
6/30/2021
/ Audits ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection Authority ,
EU ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
6/21/2021
/ Appointed Public Officials ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Enforcement Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Registered Representatives ,
Regulatory Requirements ,
UK
The last few years have witnessed remarkable changes in the privacy world. The GDPR, the CCPA, the invalidation of the EU-US Privacy Shield framework and the related obligations resulting from the Schrems II decision - to...more
5/7/2021
/ Binding Corporate Rules ,
California Consumer Privacy Act (CCPA) ,
Data Controller ,
Data Processors ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Importers ,
International Data Transfers ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses
With the UK unambiguously out of the EU, this fourth and final installment of our Data & Brexit Digest explores the topic of appointed representatives under Article 27.
What is an Article 27 representative?
The...more
On 2 September 2020, the European Data Protection Board (“EDPB”) published draft guidelines on the concepts of controller, joint controllers and processor, which – as explained below - play a crucial role within GDPR...more
On 2 September 2020, the European Data Protection Board (“EDPB”) published draft guidelines on the concepts of controller, joint controllers and processor, which – as explained below - play a crucial role within GDPR...more
We are now over a year on from the major changes made to the European data protection regime by the GDPR so it is time to revisit what the changes mean now for the hospitality sector and investment in it, given increased...more
11/6/2019
/ Amended Regulation ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processing Rules ,
Data Processors ,
e-Privacy Directive ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Hospitality Industry ,
Hotels ,
Information Commissioner's Office (ICO) ,
Member State ,
Popular ,
Regulatory Standards ,
Risk Management ,
Technology ,
UK