Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
In a landmark judgment delivered on 29 January 2025, the General Court of the European Union has affirmed the European Data Protection Board‘s (EDPB) authority to require national supervisory authorities to broaden their...more
ust over a year ago, on 21 April 2022, the seven economies (Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the USA) participating in the Asia-Pacific Economic Cooperation (APEC) Cross-Border...more
The European Data Protection Board (EDPB) published the final version of the Guidelines on the calculation of administrative fines under the GDPR (Guidelines) on 7 June 2023. The Guidelines aim to harmonize the approach to...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
The European Data Protection Board (EDPB) issued its opinion on the draft adequacy decision of the European Commission (Draft Decision) regarding the EU-US Data Privacy Framework (DPF) on 28 February 2023. The DPF is a...more
Background Note: Data privacy has become a critical issue in the digital era, with laws and regulations constantly evolving. As a result, it’s important for cybersecurity, information governance, and legal discovery...more
On December 13, 2022, the European Commission published its draft adequacy decision recognizing the essential equivalence of U.S. data protection standards, laying the foundations for finalization of the European Union...more
Ever since the White House issued its Executive Order to pave a path for the new EU-U.S. Data Privacy Framework, stakeholders have provided both praise and criticism about whether the Executive Order sufficiently addresses...more
On 23 May 2022, the data privacy activist group ‘none of your business’ (noyb) published an open letter on the planned EU-US data transfer deal. ...more
On 6 April 2022, following the announcement of the political agreement on a new EU-US Trans-Atlantic Data Privacy Framework having been reached between the European Commission and the United States on 25 March 2022, the...more
On 25 March 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the U.S. and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for...more
On November 19, 2021, the European Data Protection Board (“EDPB”) issued draft guidance on the interplay between Article 3 of the General Data Protection Regulation (“GDPR”) and the provisions on international transfers...more
On September 27, 2021, all new contracts that involve cross-border personal data transfers must incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. On June 4, 2021, the European...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
On 15 June 2021, the Court of Justice of the European Union (CJEU) issued its judgment addressing the operation of the GDPR one-stop-shop mechanism (OSS) in cross-border cases and the powers of national supervisory...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
U.S. organizations continue to struggle with the transfer of personal information in compliance with European Union law, including continued compliance with the General Data Protection Regulation (GDPR)....more
In mid-January 2021, the European Data Protection Board (EDPB) announced by press release that it has adopted jointly with the European Data Protection Supervisor (EDPS) written Opinions on the European Commission’s drafts...more
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
Editors’ Note: This is the third in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Read our previous posts on Energy and Cannabis. A year ago,...more
On November 10, 2020, the recently established Taskforce of the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area (EEA),...more
On December 2, 2020, the European Commission and the European Union (“EU”) foreign affairs service issued a joint statement with goals for the EU’s relationship with the United States. The statement highlighted areas of...more
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more