EU Archives

In Data Privacy & Security

EDPB Begins 2023 Coordinated Enforcement Action Focused on Data Protection Officers

April 6, 2023 by Brian Hengesbaugh, Cristina Messerschmidt, Alex Crowley, Francesca Gaudino and Vinod Bange 5 Mins Read

In brief The European Data Protection Board (EDPB) has begun the 2023 iteration of its annual coordinated enforcement action under the General Data Protection Regulation (GDPR). In coordination with twenty-six EDPB Supervisory Authorities (SAs), the EDPB will analyze the roles, tasks, resources, and positions of Data Protection Officers (DPOs) in public and private sector organizations. DPOs should expect to receive requests soon from Supervisory Authorities to respond to questionnaires intended to aid that analysis, describing…

In Data Privacy & Security

European Data Protection Board Raises Concerns on Proposed Data Transfer Framework

March 7, 2023 by Brian Hengesbaugh, Rachel Ehlers, Cristina Messerschmidt, Harry Valetk and Marcela Pertusi 3 Mins Read

In brief On February 28, 2023, the European Data Protection Board (“EDPB”) published its non-binding opinion on the European Commission’s draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). As we have previously written, the DPF is intended to re-establish one of the legal mechanisms for transfers of personal data from the European Union (“EU”) to the U.S. The DPF replaces the EU-U.S. Privacy Shield (“Privacy Shield”), which the EU Court of Justice (“CJEU”)…

In Cybersecurity

The proposed Cyber Resilience Act – a new direction in EU cyber legislation?

February 16, 2023 by Paul Glass 7 Mins Read

The European Commission proposed its first draft of the cybersecurity legislation, the Cyber Resilience Act (“CRA”), on 15 September 2022. The CRA is one part of a range of EU legislative measures aimed at increasing the overall cyber security and cyber resilience of the EU and businesses operating within it. The CRA will create a new regulatory framework and set of rules for software and hardware products falling under the definition of “products with digital…

In Cybersecurity

The Network and Information Security Directive 2 – what you need to know.

February 3, 2023 by Paul Glass 6 Mins Read

Cybercrime is an increasingly pressing problem for societies at large, with digital transformation, remote working and geopolitical issues bringing about increased cyber threats and attacks. In 2016 the European Parliament adopted the Network and Information Security Directive (NISD), the first EU-wide legislation on cybersecurity, and the revised legislation, NIS2, has just been published. NISD required the implementation of certain risk management and reporting obligations on operators of essential services (OES), which included entities maintaining critical…

In Digital Media & Content

EU Council gives DSA Final Approval: The clock is now ticking for service definition and product compliance

October 12, 2022 by John Groom 2 Mins Read

On 4 October the European Council officially approved the DSA. That means that the only thing left is for it to be published in the Official Journal, and a spokesperson said yesterday that is going to happen soon: “The DSA, a new online-content regulation, will be signed into EU law on 19 October, an EU spokeswoman has said…The signing ceremony will be held at the European Parliament in Strasbourg 19 October 2022. The DSA says…

In Technology, Media & Telecoms

P2B Enforcement Guidelines Update

September 21, 2022 by Helen Brown, Julia Hemmings and John McGovern 1 Min Read

Just over two years since the coming in to force of the Platform to Business Regulation (P2B), we take another look at developments in relation to enforcement action in key EU Member States and the UK. The past year has seen a notable increase in activity in Italy in particular, as well as several instances of enforcement in France and Germany. We also understand that competent authorities in several EU Member States are working on…

In Digital Media & Content

Aprobado el articulado final del Reglamento de Servicios Digitales (DSA) y del Reglamento de Mercados Digitales (DMA)

July 25, 2022 by Patricia Pérez, David Molina, Pablo Ulsé and Itziar Osinaga 1 Min Read

El Parlamento Europeo aprobó el 5 de julio el articulado final del Reglamento de Servicios Digitales (DSA) y del Reglamento de Mercados Digitales (DMA). Estas normas regulan la posición jurídica de proveedores de servicios digitales de intermediación (p. e. plataformas como marketplace, motores de búsqueda, redes sociales, servicios de hosting, etc.) y, consecuentemente, afectan también a todos los demás players (usuarios y empresas de todos los tamaños) que interactúan a través de sus servicios.…

In Data Privacy & Security

Consideration for EU Service Providers Supporting EU and Non-EU Customers

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

In EU GDPR

Intra-EU/EEA Standard Contractual Clauses: What you need to know

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

In Podcast

Podcast Episode 31 — EU Digital COVID Certificate – What it Does and What it’s For

June 7, 2021 by Brian Hengesbaugh and Francesca Gaudino 1 Min Read

In this episode of Connect on Tech, our host, Brian Hengesbaugh is joined by Francesca Gaudino, partner and head of Baker McKenzie’s Information Technology & Communications Group in Milan to discuss the EU Digital COVID Certificate that will facilitate safe free travel of citizens in the EU during the COVID-19 pandemic. On June 1, a month ahead of schedule, seven member states have decided to connect to the gateway and are issuing certificates, with more…