Author

Francesca Gaudino

Browsing

The decision by the Court of Justice of the European Union in “Schrems II” provides that the controller-to-processor standard contractual clauses are a viable mechanism for data transfers from the EU to third countries but identified further conditions that need to be considered when implementing them to address the requirement to provide “adequate protection” to such transfers. The CJEU put the onus on data exporters to determine whether the exporter’s implementation of the C2P SCCs…

The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

On 4 May 2020 the European Data Protection Board (“EDPB”) adopted updated guidelines on consent under the GDPR (the “New Guidelines”). The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the “2018 Guidelines”), and subsequently endorsed by the EDPB. The New Guidelines clarify the EDPB’s position on two specific issues: Cookie Walls – consent is not valid if access to a…

*Survey last updated April 30, 2020* Our latest edition, spanning 39 jurisdictions, answers five common data privacy and security questions employers may have in light of COVID-19, especially as lockdowns are slowly being eased in some countries and employers prepare to re-open workplaces. As the world grapples with the COVID-19 pandemic and its profound impact across regions and industries, many companies are facing difficult business and legal challenges and are required to make some urgent…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Francesca Gaudino, a partner in our Milan office. Francesca reports on the on-the-ground situation in Italy in light of COVID-19 and issues Italian employers are facing. You will learn: If Italian employers can perform temperature checks on employers and visitorsWhat measures can be taken by Italian employers to protect their workforcesActions Italian employers can take if they discover an employer has COVID-19 https://open.spotify.com/episode/5d0lzrq5Rn0MrrUEKYT5ii Related…

The European Data Protection Board (EDPB) has published its draft guidelines on processing personal data in the context of connected vehicles for public consultation. The Guidelines have a wide reach and will apply to more than just vehicle manufacturers. We have summarised the key points and recommendations from the EDPB in the Guidelines below. The public can provide comments to the EDPB until March 20th, 2020. Thereafter, the EDPB will finalize and adopt the Guidelines,…

Following our previous analysis of the consequences of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case, from the data exporter perspective (available here), we now focus on the implications of the same with respect to the position of the data importer. Indeed, in the following paragraphs, we will turn our attention to the content of the Controller to Processor Standard Contractual Clauses (SCC) and, in particular, to some…

In this blog post we further analyse the impacts of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case. We will focus, more specifically, on what it means for data exporters and what consequences there may be for them, if the decision of Court of Justice of the European Union (CJEU) on the case is consistent with the a.g’s opinion. Data importers will be the focus of another post,…

Francesca Gaudino, a partner in Baker McKenzie’s Milan office, joins this episode of Connect on Tech to discuss the December 18th opinion issued by the Advocates General (AG) of the Court of Justice of the European Union on Data Protection Commissioner v Facebook Ireland (Shrems II). In this episode you will learn: What this opinion means for the resolution of the case View of the AG on standard contractual clauses and how this may affect…