Author

Francesca Gaudino

Browsing

In this episode, Harry Valetk is joined by partners Francesca Gaudino, based in Milan, and Michaela Nebel, based in Frankfurt, as they discuss privacy notice obligations. Listen in to hear about whether or not data privacy notifications are still relevant and other key considerations that may be overlooked including: How often companies and data protection officers should review their noticesEmployee vs. customer privacy noticesOnline vs. offline privacy noticesLanguage requirements and more https://open.spotify.com/episode/0oqo22X8U2xPCznVDqUJtp Want to Learn…

Friday 28 January 2022 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2022, our Global Data Privacy and Security Team have provided a roundup of key trends and developments across the globe from a data protection perspective as well as looking ahead to what to expect in 2022. There are new laws and developments to keep…

Italy experienced one of the longest and most severe lock-downs during the peak of the pandemic. This made it be one of the first countries to launch a national contact tracing App (Immuni) and a national COVID Certificate (green pass) and from October 15, Italy has become the first European country which has made the green pass mandatory to access the workplace. After an intense period of discussions, on September 21st Decree No. 127/2021 introduced…

The 43rd edition of the Global Privacy Assembly, GPA Mexico 2021 co-sponsored by Baker McKenzie, kicked off Monday with a full slate of virtual presentations and discussions. The program included speakers from regulators and data protection authorities, the private sector, think tanks and advocacy groups, NGOs, and academia—and covered topics ranging from facial recognition to the impact of data protection on marginalized communities. In case you weren’t able to catch the proceedings we’ve compiled some…

The 43rd edition of the Global Privacy Assembly, GPA Mexico 2021 co-sponsored by Baker McKenzie, kicked off Monday with a full slate of virtual presentations and discussions. The program included speakers from regulators and data protection authorities, the private sector, think tanks and advocacy groups, NGOs, and academia—and covered topics ranging from facial recognition to the impact of data protection on marginalized communities. In case you weren’t able to catch the proceedings we’ve compiled some…

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

On May 31, 2021, Max Schrems’ privacy organization, noyb (or “none of your business”), made over 500 complaints to companies related to what the organization called their “unlawful cookie banners.” Using automated scanning programs, nyob searched commonly used European websites and analyzed the cookie options provided on certain of these websites. nyob claims that it identified “more than fifteen common abuses” of cookie consent management, with some of the most prevalent “violations” identified as follows:…

The European Commission (“EC”) recently issued its revised standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and a companion set of standard clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). Both are now published in the Official Journal. The following is an introduction to the core elements of the Ex-EU SCCs and a brief overview of the Intra-EU SCCs. Legal Context The Ex-EU SCCs are a mechanism that companies can…