On 4 September, the ECJ handed down a major and eagerly awaited decision on the scope of personal data, accepting the point that pseudonymised data may be anonymised in the hands of a third party. The ECJ’s approach is...more
On December 31, 2020, the Brexit transition period ended and the United Kingdom’s (UK) domestic implementation of the GDPR, the UK Data Protection Act 2018, as amended (UK GDPR), now governs the processing of personal data in...more
The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection...more
We expect national and international privacy regulators to take a pragmatic and reasonable approach to helping organisations navigate data protection compliance during the current COVID-19 crisis. This week, both the European...more
Last week, the UK Parliament passed the European Union (Withdrawal Agreement) Bill (see our recent publication regarding the key provisions of the Bill). Following Royal Assent, the European Union (Withdrawal Agreement) Act...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
The EU Passenger Name Record (PNR) Directive has had a turbulent ride: it was first proposed in 2011, rejected in 2013 by the Civil Liberties Committee and discussions suspended a year later. It was then revived in the...more