We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Der Europäische Gerichtshof (EuGH) hat festgestellt, dass Kollektivvereinbarungen (wie bspw. Betriebsvereinbarungen) nur dann eine rechtliche Grundlage für die Verarbeitung von Beschäftigtendaten darstellen können, wenn sie...more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
On March 7, 2024, the European Court of Justice (CJEU) issued a landmark ruling on digital advertising and the concepts of personal data and joint controllership under the General Data Protection Regulation (GDPR)....more
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
Since the European Court of Justice (ECJ) declared the “Safe Harbour” agreement—which had permitted U.S. companies to comply with EU restrictions on the transfer of personal data outside the EU—invalid in October 2015,...more
A Fresh Perspective on Data Protection and Damages - Opening statements by Peter Hense at a University of Vienna panel titled "EU Future Talks, Non-Material Damages for GDPR Violations: Quo Vadis Österreichische Post...more
The GDPR allows individuals to request information about the “recipients or categories of recipients” to whom their personal data has been disclosed. In a recent ruling, the EU’s Court of Justice said data subjects get to...more
While claims for damages in the event of data protection violations have theoretically existed for some time, they have been gaining in importance since the introduction of the General Data Protection Regulation ("GDPR")....more
On 25 March 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the U.S. and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for...more
Personal data transfers from the European Economic Area (“EEA”) to most other countries, including the United States, require companies to take prompt compliance action. The General Data Protection Regulation (“GDPR”)...more
In June, the European Commission published the final version of a new set of standard contractual clauses (SCCs) that can be used to comply with the EU’s General Data Protection Regulation (the “GDPR”). These clauses are of...more
NGE Corporate & Securities partner John Koenigsknecht recently interviewed Data Privacy & Information Governance partner David Wheeler about the new standard contractual clauses and the complex task of assessing and...more
On 14 May the Irish High Court handed down its judgment in the judicial review case brought by Facebook Ireland Ltd (FBI) against the Irish Data Protection Commission (DPC), finding substantially in favour of the DPC....more
In 2016, European companies doing business in the US were able to breathe a sigh of relief. The European Commission deemed the Privacy Shield to be an adequate privacy protection. For the next half a decade, this shield, as...more
Concerns are mounting for companies around the world as they consider their ability to transfer data from the EU following the recent decision by the Court of Justice of the European Union in Data Protection Commissioner v....more
This past July, a decision by the European Court of Justice (ECJ) struck down the European Union-United States Privacy Shield framework (EU-U.S. Privacy Shield), one mechanism through which companies could transfer personal...more
The Belgian Data Protection Authority (DPA) has published brief guidance concerning the European Court of Justice (ECJ) judgement on the European Commission’s adequacy decision provided by the EU-US data Privacy Shield...more
The Court of Justice of the European Union (ECJ) recently declared that the EU-U.S. Privacy Shield, used by thousands of businesses to transfer personal data between the EU and U.S., was invalid. [Case C-311/18, Data...more
U.S. companies will face restrictions on transferring and storing information about European residents after the European Court of Justice ruled that such transfers exposed Europeans to American government surveillance...more
On Thursday, July 16, the European Court of Justice (ECJ) ruled that the EU-US Privacy Shield is invalid. The ruling stems from the complaints filed with the Irish supervisory authority by Max Schrems regarding the transfer...more
On December 19th the EU Advocate General for the European Court of Justice issued an advisory opinion to the court in the case known as Schrems II. The main question presented to the court is the validity of the EU standard...more
The Advocate General’s Opinion of December 19, 2019 deemed valid the Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. Currently, many...more
We routinely hear from United States citizens who want advice on how to remove photographs, newspaper articles, videos or personal information about themselves from the internet. Originally published by the European...more
On 1 February 2017, the German federal cabinet adopted a draft data protection bill. The planned implementation statute aims to supplement and further define the EU General Data Protection Regulation, which will come into...more
On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S....more