News & Analysis as of

European Union Personal Data Privacy Laws

The European Union is an economic and political partnership comprised of 27 nations within the Eurozone. The EU was established in 1948 to promote stability and cooperation among member states in the aftermath of... more +
The European Union is an economic and political partnership comprised of 27 nations within the Eurozone. The EU was established in 1948 to promote stability and cooperation among member states in the aftermath of WWII. The EU maintains a common currency as well as several intranational institutions, including the European Parliament and the European Commission. less -
Paul Hastings LLP

ICO Annual Report Provides Insight Into Data Protection Risks for Businesses

Paul Hastings LLP on

The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more

Goodwin

The Data Shift: UK Sets a New Course With 2025 Data (Use and Access) Act

Goodwin on

The Data (Use and Access) Bill passed both Houses of UK Parliament and received Royal Assent on 19 June 2025, now becoming the Data (Use and Access) Act 2025 (“DUA Act”). This is the final iteration of the Data Protection and...more

A&O Shearman

CJEU publishes an updated Fact Sheet summarising key case law on protection of personal data

A&O Shearman on

On April 28 2025, the Court of Justice of the European Union (CJEU) published an updated version of the fact sheet (the Fact Sheet) summarising key case law on protection of personal data. The Fact Sheet covers the case law...more

Sheppard Mullin Richter & Hampton LLP

Belgian DPA Finds Broad Tax Information Transfers to IRS Unlawful

Sheppard Mullin Richter & Hampton LLP on

The Belgian Data Protection Authority recently ruled that a Belgian government entity, FPS Finance, cannot transfer the personal data of “accidental Americans” to the IRS. According to the decision, the transfers needed to...more

Hogan Lovells

Latombe Case: First hearing for annulment of the EU-U.S. Data Privacy Framework

Hogan Lovells on

On April 1st, 2025, the General Court of the European Union held its first hearing on the request initiated by member of French parliament Philippe Latombe for annulment of the EU-U.S. Data Privacy Framework (“DPF”) further...more

Jackson Lewis P.C.

EU Data Enforcement Sweep: Are GDPR-Covered Entities Complying Properly with Data Subjects’ Right of Erasure?

Jackson Lewis P.C. on

The European Data Protection Board (EDPB) has launched its 2025 enforcement sweep targeting organizations’ compliance with data subjects’ right of erasure (right to delete or be forgotten), focusing particularly on how...more

A&O Shearman

CJEU issues judgment on balancing the right of access and protecting trade secrets in automated decision-making processes

A&O Shearman on

On February 27 2025, the Court of Justice of the European Union (CJEU) delivered a judgment in CK v Dun & Bradstreet (Case C-203/22). This judgment clarifies the GDPR provisions regarding the right of access to personal...more

Sheppard Mullin Richter & Hampton LLP

Forget It!: EDPB Announces Focus on Right to Erasure in 2025

Sheppard Mullin Richter & Hampton LLP on

Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more

A&O Shearman

Polish supervisory authority publishes updated guide on personal data protection breaches

A&O Shearman on

On February 20, 2025, the Polish Personal Data Protection Office (UODO) published an updated version of the guide on personal data protection breaches. The first edition was released in 2018. The latest version...more

Schwabe, Williamson & Wyatt PC

Low-Budget, High-Impact Ways to Reduce Privacy and Cybersecurity Risks in 2025‎

Schwabe, Williamson & Wyatt PC on

Know What Laws Apply - Privacy and security laws, particularly in the U.S., have changed dramatically in the last few years. It’s not surprising many leaders are unsure which new laws or updated regulations apply to their...more

Latham & Watkins LLP

Personal Data: A Relative Concept?

Latham & Watkins LLP on

Advocate General Spielmann opines that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another....more

Hogan Lovells

A Tale of Two CBDCs: e-CNY v. Digital Euro

Hogan Lovells on

As global momentum appears to be building for the development of central bank digital currencies (CBDCs) – bringing with it the potential to disrupt and revolutionize global payments and finance - we have taken the...more

Latham & Watkins LLP

GDPR Fines to Be Determined by Reference to Global Turnover of Corporate Group

Latham & Watkins LLP on

The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity....more

McDermott Will & Emery

EuGH zur Zukunft der (Datenschutz-)Betriebsvereinbarungen: Was ändert sich?

McDermott Will & Emery on

Der Europäische Gerichtshof (EuGH) hat festgestellt, dass Kollektivvereinbarungen (wie bspw. Betriebsvereinbarungen) nur dann eine rechtliche Grundlage für die Verarbeitung von Beschäftigtendaten darstellen können, wenn sie...more

Smith Anderson

GDPR Enforcement is Alive and Well - Key Considerations in 2025

Smith Anderson on

As 2025 progresses, one thing is clear—GDPR enforcement is not slowing down. In fact, regulators across Europe are intensifying their scrutiny, handing out significant fines and even warning executives of potential personal...more

Sheppard Mullin Richter & Hampton LLP

EU Fines EU?!: Alleged Unlawful Data-Transfer Dust-Up

Sheppard Mullin Richter & Hampton LLP on

Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other...more

Jackson Lewis P.C.

Firings at the US Privacy and Civil Liberties Oversight Board and Potential Impact on Transatlantic Data Transfers

Jackson Lewis P.C. on

President Trump recently fired the three democrats on the Privacy and Civil Liberties Oversight Board (PCLOB). Since these firings bring the Board to a sub-quorum level, they have the potential to significantly disrupt...more

Sheppard Mullin Richter & Hampton LLP

Don’t Forget the EU: Italy Issued First GenAI Fine of €15 Million Alleging GDPR Violations 

Sheppard Mullin Richter & Hampton LLP on

At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more

A&O Shearman

Council of the EU adopts the European Health Data Space Regulation

A&O Shearman on

On January 21 2025, the Council of the European Union (Council) announced its decision to adopt the Regulation of the European Parliament and of the Council on the European Health Data Space (EHDS). As we have previously...more

Katten Muchin Rosenman LLP

Privacy, Data and Cybersecurity Quick Clicks | Issue 25

Katten Muchin Rosenman LLP on

Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more

BCLP

CNIL Strategic Plan 2025

BCLP on

The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more

Fox Rothschild LLP

Do App Permissions Satisfy Requirements for Valid Consent for the Purpose of GDPR?

Fox Rothschild LLP on

App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more

DLA Piper

Germany: Works Agreements Cannot Legitimate Inadmissible Data Processing.

DLA Piper on

If employers and works councils agree on ‘more specific rules’ in a works agreement regarding the processing of employees’ personal data in the employment context (Art. 88 (1) GDPR), these must take into account the general...more

Wilson Sonsini Goodrich & Rosati

EU Court Awards Damages for Breach of EU Data Transfer Rules

Wilson Sonsini Goodrich & Rosati on

On January 8, 2025, the second highest court of the European Union (EU), the General Court of the Court of Justice of the EU (the Court), ordered (in Bindl v European Commission, Case T-354/22) the European Commission (EC) to...more

Fox Rothschild LLP

How Legitimate Is Your Interest When It Comes To Developing AI Models?

Fox Rothschild LLP on

The European Data Protection Board’s recent opinion on AI models can be useful in several ways. Last week, I covered EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...more

102 Results
 / 
View per page
Page: of 5
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide