Category

Data Privacy & Security

Category

So far, much of the discussion surrounding last week’s Court of Justice of the European Union “Schrems II” decision has focused on the implications for personal data transfers to the United States or other non-European countries, but its impact will be felt in the UK, as well, and add a further layer of complexity for companies preparing for Dec. 31, when the Brexit transition period will end. The key question at this stage is whether…

The decision by the Court of Justice of the European Union in “Schrems II” provides that the controller-to-processor standard contractual clauses are a viable mechanism for data transfers from the EU to third countries but identified further conditions that need to be considered when implementing them to address the requirement to provide “adequate protection” to such transfers. The CJEU put the onus on data exporters to determine whether the exporter’s implementation of the C2P SCCs…

The ICO, together with The Alan Turing Institute, recently published its finalised guidance on explaining decisions made with AI, following a public consultation which closed in January this year. Who should read this? The guidance is relevant for any organisation using, or thinking of using, AI to support or make decisions about individuals (including if you are procuring an AI system from a third party).It will be of particular use for DPOs, and legal…

The Court of Justice of the European Union issued its decision in “Schrems II” Thursday, a landmark decision that invalidates the EU-U.S. Privacy Shield arrangement. Until July 16, Privacy Shield had served as an approved “adequacy” mechanism to protect cross-border transfers of personal data from the European Union to the United States under the EU General Data Protection Regulation. More than 5,000 organizations participate in Privacy Shield. Many thousands more EU companies rely on Privacy…

The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).

Digital assets vary. They can be a virtual currency that has no analog in the real world, and exists only on the blockchain used as a substitute for money. For this reason, virtual currencies are generally considered to be secure and offering a high degree of privacy. A recent decision from a US federal court of appeals, however, may cast a different light on this generally held view. USA v. Gratkowski In United States v.…

Launched on June 2, the French mobile tracing app for COVID-19, “StopCovid,” has been voluntarily downloaded by 1.9 million users within three weeks. On June 3, the French Data Protection Authority (the CNIL) published its second opinion on StopCovid, relating to the implementation of the app and the related Executive Decree No. 2020-650 and to the Government’s data protection impact assessment. Following its first opinion of April 24, on the principle of the use of a…

Introduction Recently, the European Commission published its evaluation report on the first two years of the General Data Protection Regulation (GDPR). The Commission focused on, in particular, two themes in its evaluation, being (1) international data transfers and (2) the cooperation and consistency among the European supervisory authorities. As to the latter, the Commission is of the opinion it should definitely be improved. With regard to international data transfer the Commission focuses on the review…

On May 1, 2020, the Province of Alberta launched ABTraceTogether, an Android and iOS compatible contact tracing app users voluntarily download for tracing and notifying users who may have been exposed to COVID-19. ABTraceTogether is used by Alberta Health and Alberta Health Services (AHS) to supplement manual contact tracing completed by public health officials. ABTraceTogether was announced just prior to the issuance in May 2020 of joint guidance by the federal and provincial privacy commissioners…

For those privacy buffs following the status of the California Privacy Rights Act ballot initiative (CPRA), today is the much-anticipated deadline to officially decide whether the CPRA will qualify for the Fall 2020 ballot in November. The final answer? Yes, it will. Background CPRA (which was introduced by the Californians for Consumer Privacy in January 2020) is a ballot initiative that would both expand the scope of the existing California Consumer Privacy Act (CCPA) and…