On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
In alignment with the ongoing concerns from several European data protection authorities publishing guidelines on data scrapping (i.e., the Dutch DPA, the Italian DPA and the UK Information Commissioner’s Office), the Global...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
On 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising...more
The Knesset Constitution, Law, and Justice Committee has approved an amendment to the Israeli Privacy Protection Law (PPL). The amendment proposes extensive changes to the PPL, including granting additional enforcement powers...more
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...more
On 2 February 2022 the Belgian Data Protection Authority ("Belgian DPA") ruled that IAB Europe's Transparency and Consent Framework ("TCF") does not comply with the GDPR and fined IAB Europe €250,000. While the sanctions...more
The European Data Protection Supervisor, the independent European Union authority responsible for data protection regulatory oversight, issued a preliminary opinion on data protection and scientific research. The Opinion...more
On November 8, the Spanish data protection authority (AEPD) published new Guidelines on the Use of Cookies (Guidelines) (Spanish only). The Guidelines have been prepared in collaboration with different organisations in the...more
In its long-awaited judgment, the European Court of Justice (CJEU) decided the data protection requirements for obtaining consent when using cookies. The court held that “passive” acceptance of cookies through prechecked...more
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
The European Data protection Board (“EDPB”), which is composed of representatives of the national data protection authorities and the European Data Protection Supervisor, recently adopted an Advisory Opinion (“Opinion”) on...more
On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR. As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot to consider. One crucial...more
In this edition of our Privacy & Cybersecurity Update, we highlight guidance issued by the Irish data protection authority regarding the use of location data, as well as the FTC's request for comment on its Standards for...more
On July 12, 2016, the European Commission formally adopted the Privacy Shield, a new transatlantic framework for the transfer of personal data from the European Union (EU) and certain countries of the European Economic Area...more
The European Parliament has approved the reformed General Data Protection Regulation (the “GDPR”). Given this is a Regulation (rather than a Directive), this legislation will apply automatically in every Member State (without...more
I. Introduction: Privacy Shield to Go Live August 1 (at Last) - The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
The Düsseldorfer Kreis, a committee made up of representatives of German data protection authorities, recently published guidance on the requirements for obtaining valid consent to the collection, processing and use of...more
The EU General Data Protection Regulation (the “GDPR”) was adopted by the EU Parliament last April 14, 2016. The GDPR will replace the EU Data Protection Directive (95/46/EC), which was implemented more than 20 years ago....more
Copyright Suit Alleges Huckabee Campaign Lacks "Eye of the Tiger" - Mike Huckabee's poor performance in the Iowa caucuses – leading to his subsequent withdrawal from the race – isn't his only concern lately....more
Since 2000, the EU-US Safe Harbor program has been one means by which eligible US companies could transfer personal data from the European Union (EU) to the United States in accordance with EU law regulating transfers of...more
The European Court of Justice (ECJ) has struck down the 15-year-old “Safe Harbor” agreement that permitted companies operating in Europe to transmit personal user data to the United States, as long as the U.S. ensures an...more
On October 6th, the European Court of Justice (ECJ) issued its opinion in Schrems v. Data Protection Commissioner (C-362/14), a case which, among other things, challenged the validity of the European Commission’s 2000 finding...more