Author

Andre Walter

Browsing

Introduction Recently, the European Commission published its evaluation report on the first two years of the General Data Protection Regulation (GDPR). The Commission focused on, in particular, two themes in its evaluation, being (1) international data transfers and (2) the cooperation and consistency among the European supervisory authorities. As to the latter, the Commission is of the opinion it should definitely be improved. With regard to international data transfer the Commission focuses on the review…

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

With a changing digital landscape and emerging data driven technologies, the rules of the Directive on Privacy and Electronic Communications (Directive 2002/58/EC) are in need of updating. The proposed E-Privacy Regulation was intended to address new legal challenges and complement the General Data Protection Regulation (GDPR) in relation to privacy in electronic communications. The first draft of the E-Privacy Regulation was presented in January 2017, with the aim that it would be passed quickly and would apply from May…

On March 2, 2020, the Dutch Data Protection Authority (DDPA) published its notice of a monetary penalty notice, issued under the General Data Protection Regulation against the Dutch National Tennis Association. A fine in the amount of € 525,000 was imposed for the – allegedly – unauthorized sale of member data to the Association’s sponsors. This decision is relevant as it is the first monetary fine issued by the DDPA which relates to (direct) marketing…

At the doorstep of 2020, advocate general Hendrik Saugmandsgaard Øe (a.g.) rendered his opinion in the so called “Schrems II case” and opined on how European Court of Justice should deal with the GDPR’s regime for international data transfers. See here for a summary on the Schrems II case. In a series of blogs, we further elaborate on the consequences of that opinion and the impact it may have on the current international data transfer…

The European Union’s highest court, the Court of Justice of the European Union (CJEU), is evaluating the legitimacy of the EU standard contractual clauses (SCC). SCCs have been the bedrock of cross-border personal data transfers outside the EU for many years. Today, the advocate general (a.g.) has rendered an opinion on the Schrems II case. By way of brief background, Schrems II is a case before the Court of Justice of the European Union (CJEU)…