Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
On January 29, 2025, the General Court of the European Union delivered a significant judgment concerning the powers and competences of the European Data Protection Board ("EDPB"). The case involved the Data Protection...more
The second half of 2024 saw a myriad of Artificial Intelligence (AI) related legal and regulatory developments for the EU and UK, critically with the EU AI Act coming into force on 1 August 2024. This has been followed by...more
ust over a year ago, on 21 April 2022, the seven economies (Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the USA) participating in the Asia-Pacific Economic Cooperation (APEC) Cross-Border...more
We’re now approaching the five-year anniversary of the General Data Protection Regulation (GDPR) taking full effect. In the run-up to 2018 and the period afterwards, there were many predictions about the likely direction of...more
Background Note: Data privacy has become a critical issue in the digital era, with laws and regulations constantly evolving. As a result, it’s important for cybersecurity, information governance, and legal discovery...more
On 12 July 2022, the European Data Protection Board (EDPB) adopted Statement 02/2022 on Personal Data Transfers to the Russian Federation, in which it confirmed that data transfers to Russia require a data transfer impact...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
United Kingdom New Standard Contractual Clauses Submitted to Parliament - The United Kingdom has finalized its new International Data Transfer Agreement and Addendum to the new EU standard contractual clauses. Subject to...more
While everyone hoped that 2021 would be less tumultuous than 2020, it certainly did not turn out that way in the end. The same was true in the world of data privacy – with sweeping new data protection regulations and guidance...more
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a...more
The German Data Protection Conference (DSK) issued guidance on the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (‘TTDSG’), which went into effect on December 1, 2021...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice. The rapid pace at which technology and data privacy and security...more
On 19 October 2021, the European Data Protection Board (EDPB) announced that it has published its final guidelines on the restrictions under Article 23 GDPR (Guidelines) following the end of its public consultation and...more
On 15 July 2021, the European Data Protection Board (the EDPB) issued a press release concerning its first urgent binding decision adopted under Article 66(2) GDPR (the Decision) in response to a request of the Hamburg...more
In this month’s edition of our Privacy & Cybersecurity Update, we examine the European Commission’s new Standard Contractual Clauses and the European Data Protection Board’s new recommendations on international data flows. We...more
Last year’s European Court of Justice (ECJ) judgement in Data Protection Commissioner v Facebook Ireland LTD, Maximillian Schrems, C-311/18 (Schrems II) continues to have ramifications for cross border data transfers. The...more
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
On February 19, the European Commission (EC) published the draft of its much hoped-for adequacy decision for transfers of personal data to the UK under the EU General Data Protection Regulation (EU GDPR) (Draft Adequacy...more
In certain cases, the General Data Protection Regulation (GDPR) requires entities that experience a personal data breach to provide notice of the incident to relevant national supervisory authorities and the individuals whose...more
On January 18, 2021, the European Data Protection Board (EDPB), comprised of all national supervisory authorities (SAs) of the European Union, published draft guidelines for data breach notification (the Guidelines)....more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
Editors’ Note: This is the third in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Read our previous posts on Energy and Cannabis. A year ago,...more
On November 10, 2020, the European Data Protection Board (EDPB) adopted its long-awaited recommendations on (1) measures that supplement transfer tools to ensure transfers of personal data outside the European Economic Area...more
Earlier this month, the European Data Protection Board (EDPB) issued its long-anticipated draft guidance on supplemental tools to ensure that data transfers out of the European Union (EU) to third countries comply with the...more