Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
The European Data Protection Board (EDPB), the independent EU body responsible for ensuring the consistent application of the EU General Data Protection Regulation (GDPR) across all EU member states, has kicked off its...more
A recent judgment of the European Court of Justice (ECJ) sheds light on the question of whether a data controller can be exempted from liability for the error of a person acting under its authority....more
In August 2020, privacy activist organization NOYB – European Center for Digital Rights filed 101 complaints with the EU Supervisory Authorities (‘SAs’) in connection with the transfer of personal data from Europe to...more
Meta Ireland (Meta) has recently been issued with two fines by the Irish Data Protection Commission (DPC) for breaches of the EU General Data Protection Regulation (GDPR) relating to advertisements run on its Facebook and...more
The Advocate General argues that organisations should provide individuals with information on the specific recipients of their personal data. Advocate General Giovanni Pitruzzella (AG) of the Court of Justice of the...more
In February 2022, the United Kingdom (UK) Information Commissioner’s Office (“ICO”), along with the data protection authority (“DPA”) in the UK, published three new documents ("UK Documents") which update the UK's position on...more
Following a public consultation on an initial version released last January, the European Data Protection Board (“EDPB”) last month adopted a final version of its Guidelines on Examples regarding Personal Data Breach...more
It is well known that the EU GDPR (specifically, Chapter V) restricts transfers of personal data from the EU to a “third country” (i.e. a jurisdiction outside the EEA) or to an international organisation. But what is meant by...more
On June 4th, the European Commission issued modernized Standard Contractual Clauses (SCCs) under the EU General Data Protection Regulation (GDPR) for data transfers from controllers or processors in the EU/EEA (or otherwise...more
China’s long-awaited Personal Information Protection Law (PIPL), after two rounds of draft versions, was finally passed by the Standing Committee of the National People's Congress on August 20, 2021, with the law effective...more
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
The new standard agreement for service providers (which we’ll refer to as the Controller-Processor SCCs) adopted by the European Commission on June 4th was understandably a bit overshadowed by the release on the same date of...more
Ending months of anxious speculation from privacy lawyers around the globe, the European Commission announced on Friday that it had adopted final versions of the new Standard Contractual Clauses (the “New SCCs”) for the...more
On June 4, 2021, the European Commission announced the definitive adoption and publication of revamped Standard Contractual Clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the EU General Data...more
On 21 October 2020 the UK data protection authority (ICO) published a new Right of Access Detailed Guidance (SAR Guidance), following the public consultation on the SAR Draft Guidance (Draft Guidance) which ran from December...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
Keypoint: The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to...more
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
On 26 July 2019, the Greek Supervisory Authority (SA) found Pricewaterhouse Coopers (“PwC”) not compliant with General Data Protection Regulation (GDPR) in relation to the processing of its Greek employees’ personal data. The...more
No. The scope of the right to be forgotten under the CCPA and the GDPR differ in three important ways. First, the CCPA states only that a business may have to delete the information that it obtained “from” the consumer....more
The United Kingdom’s Information Commissioners Office (ICO) has issued, for public consultation, draft guidelines for data sharing that—once adopted —will govern all controller-to-controller data sharing agreements which are...more
Since May 25, 2018, 206,326(!) GDPR cases have been reported by Supervisory Authorities (SAs) from 31 European Economic Area (EEA) countries. Of those, 94,622 were initiated by individual complaints and 64,684 due to data...more
When responding to a data subject access request under the EU General Data Protection Regulation (GDPR) you must disclose all the relevant personal data you hold and provide all information required by Article 15 of GDPR –...more
Six months have now passed since the implementation of the EU General Data Protection Regulation (GDPR). The GDPR has raised awareness of the importance of personal privacy as a fundamental right and placed data protection...more
On November 23, the European Data Protection Board (“EDPB”) - the gathering of all European Union (EU) data protection authorities - adopted new draft guidelines on territorial scope of the GDPR. The EDPB was previously known...more