And the cookie continues to crumble.
NOYB has filed 422 complaints with ten EU data protection authorities. The move came after it sent written warnings and draft complaints to more than 500 companies on May 31, 2021...more
The European Data Protection Board has issued final guidelines on virtual voice assistants.
The guidelines appear to be largely unchanged from the draft issued in February for public consultation...more
Third country laws – more than meets the eye. In practice – problematic legislation in disguise. The European Data Protection Board has issued a “Transformers” style plan for assessing whether or not you can transfer...more
Maybe someone is reading them after all? European Commission opens for consultation its report of the sector inquiry into consumer internet of things (IoT) devices...more
In the Connected and Automated Mobility (CAM) ecosystem, cybersecurity … should be seen as a core enabler that protects safety and provides value to products and services, and is integrated in the lifecycles of products’ and...more
The EDPB issued an opinion on the draft Standard Contractual Clauses (SCC) for a controller-processor data processing agreement under Article 28 (Data Processing Agreements) submitted by the Lithuanian supervisory authority....more
6/1/2021
/ Cross-Border Transactions ,
Data Breach ,
Data Controller ,
Data Processing Rules ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Right to Delete ,
Software ,
Standard Contractual Clauses ,
Third-Party
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity.
Key Points-
•Given...more
If at first (and second) you don’t succeed, try try again. The European Union and United States are gearing up for “Privacy Shield 2.0” to address the difficulties faced by tens of thousands of companies in the wake of the...more
Even in the absence of a cross-border transfer of personal data from the European Union to a third country, if you are using a vendor that has a U.S. parent company, get ready to implement supplementary measures, says the...more
3/22/2021
/ Corporate Counsel ,
Cross-Border ,
Encryption ,
EU ,
International Data Transfers ,
Parent Corporation ,
Personal Data ,
Risk Assessment ,
Schrems I & Schrems II ,
Sensitive Personal Information ,
Third-Party
IAB Europe has updated its Guide to Post Third-Party Cookie Era. The guide provides a detailed overview of the various targeting techniques used today and some options and consideration going forward.
Key Takeaways-
...more
2/19/2021
/ Advertising ,
Cookies ,
CRM ,
Email ,
EU ,
Google ,
Interactive Advertising Bureau ,
Internet ,
Marketing ,
Mobile Ecosystems ,
Third-Party
The European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre of the European Commission (JRC) have issued a joint guidance on “Cybersecurity Challenges in the Update of Artificial Intelligence in...more
The European Parliament is urging the United States to reform its surveillance laws to pave the way for transfers of personal data between the European Union and the U.S.
"For data controllers that fall within the scope of...more
Data Processors beware.
France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a...more
The United Kingdom's High Court of Justice, in the case of Soriano, determined there was no real prospect of success on the merits in a case seeking extraterritorial applicability of the EU's General Data Protection...more
“Increased usage of consumer products and industrial devices connected to the internet will also raise new risks for privacy, information- and cybersecurity, including increasingly potential impacts on the integrity and...more
In addition to the not-insignificant €2.25 million fine, CNIL's enforcement action against Carrefour France raises some universal points for companies handling data, both in the EU and in the U.S.
Big Picture...more
CCPA / CPRA for US and EU businesses -
Deep dive on CCPA's impact on European Businesses: A webinar for German and European businesses.
Main Topics
- Is my business affected by CCPA and why?
- I am already GDPR...more
12/1/2020
/ Adtech ,
Analytics ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cookies ,
Data Privacy ,
Data Sellers ,
Do Not Sell ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Opt-Outs ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Webinars ,
Websites
In the wake of the European Data Protection Board guidance on Post-Schrems II data transfers, which may render the question of using the clauses moot for some companies, the European Commission issued draft standard...more
Brace yourselves, the post-Schrems II supplemental measures are coming!
The European Data Protection Board adopted recommendations on measures that supplement transfer tools to ensure compliance with the European Union...more
How does GDPR apply to the transfer of personal data from an EU entity to an international organization?
“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the...more
The U.S. government has published a whitepaper that outlines the robust limits and safeguards in the United States pertaining to government access to data in an effort to assist organizations in assessing whether their...more
In a detailed report titled "Ethics of Connected and Automated Vehicles," the European Commission sets out key data protection recommendations
Definition: Connected and Automated Vehicles (CAVs) are vehicles that are both...more
A new post-Schrems II transfer solution for cloud services?
The EU Cloud Code of Conduct General Assembly, creators of the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer...more
“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data...more
The Data Protection Authority for the German state of Baden-Württemberg has issued FAQs on the European Data Protection Board's (EDPB) Controller-Processor Guidelines.
Legal Concepts-
•Contractual clauses can represent...more