Leaders of key U.S. Senate and House committees wrote to the U.S. Secretary of Commerce and the Chairman of the Federal Trade Commission asking that they work closely and expeditiously with their European counterparts to...more
In a letter to the country’s Social Security Administration, Iceland’s Data Protection Authority Personuvernd states that IP addresses are not a reliable way to determine a person’s true location...more
Cookies and trackers sat on a wall.
Cookies and trackers had a great fall.
…and all the regulators and all DPAs couldn’t put cookies together again.
The Spanish Agencia Española de Protección de Datos AEPD has issued a...more
The UK’s Information Commissioner Office’s has issued a revised statement on the Schrems II.
“Further work is underway by the European Commission and EDPB to provide more comprehensive guidance on extra measures you may...more
Germany’s Datenschutzkonferenz (DSK) issues its guidance on Shrems II:
•The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately...
...more
In a landmark decision in what is popularly known as the "Schrems II" case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that facilitated the transfers of personal data from...more
7/21/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
SCC ,
U.S. Commerce Department
The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection...more
The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data...more
A comment submitted to the California Attorney General’s final California Consumer Privacy Act regulations asked if audio recordings are personal information under CCPA and should they be included in the specific pieces...more
The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union's General Data...more
Key takeaways from my recent presentation titled “Service Providers v. Data Processors: What Should Your Agreement Address?” with Lexology and Exterra...more
Italy’s data protection agency, Italian Garante, has offered its opinion on a regulatory proposal for the creation of a COVID-19 tracing app.
The proposed contact tracing system does not appear to conflict with the...more
The United Kingdom's Information Commissioner's Office has issued an opinion on the joint initiative by Apple and Google, referred to as the Contact Tracing Framework (CTF), to enable the use of Bluetooth technology to help...more
In a new guidance for employers, Hungary's Nemzeti Adatvédelmi és Információszabadság Hatóság Data Protection Authority provides a helpful to-do list to help companies comply with the EU's General Data Protection Regulation...more
Coronavirus and Data Protection guidance from the Catalan Data Protection Authority:
•Under Articles 6.1.(e) and 9.2.(i) GDPR, health authorities may share health data when this is needed for reasons of public interest in...more
The Czech Republic’s Data Protection Authority, Urad pro Ochranu Osobnich Udaju, provides its guidance on GDPR and COVID-19:
•Public health authorities are authorized to process personal data to the extent and for the...more
After many data protection authorities (in the European Union and beyond) provided guidance and FAQ's on the relationship between COVID-19 (Coronavirus) and data protection laws (e.g. GDPR), the European Data Protection Board...more
C The Austrian Data Protection Authority weighs in on Coronavirus and GDPR:
•Employers may collect the personal contact information of employees for the purpose of efficient communication during the pandemic. This...more
Iceland’s data protection authority offers advice on GDPR compliance during the COVID-19 outbreak.
Key takeaways
•Information that a person is quarantined is generally not considered to be sensitive personal...more
The United Kingdom’s Information Commissioner’s Office has provided it’s guidance on COVID-19 and data privacy.
•Public health messages are not direct marketing.
•It’s about being proportionate – if some data processing...more
General:
This is not the time for strict enforcement of data protection. We are showing agility during this crisis.
Work:
•Information that someone is infected with coronavirus is health information.
•Information that...more
Coronavirus and GDPR – the Belgian authority weighs in:
•Public health is paramount and prevention and the right to privacy are not incompatible.
•Follow the instructions of the competent authorities so that all measures...more
Coronavirus and GDPR , the Spanish AEPD weighs in:
•Data protection should not be used to hinder or limit the effectiveness of the measures taken by authorities in the fight against the pandemic.
•Consent may not be...more