Tag

EU

Browsing

Introduction Recently, the European Commission published its evaluation report on the first two years of the General Data Protection Regulation (GDPR). The Commission focused on, in particular, two themes in its evaluation, being (1) international data transfers and (2) the cooperation and consistency among the European supervisory authorities. As to the latter, the Commission is of the opinion it should definitely be improved. With regard to international data transfer the Commission focuses on the review…

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

The European Commission has published a Recommendation for use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile apps and use of anonymised mobility data. What does the Recommendation cover? The Recommendation establishes a process for developing a common approach (Toolbox) to use digital measures to address the COVID-19 crisis.  The Toolbox will include practical measures for making effective use of technology and data, focusing on a: Pan-European…

The European Data Protection Board (EDPB) has published its draft guidelines on processing personal data in the context of connected vehicles for public consultation. The Guidelines have a wide reach and will apply to more than just vehicle manufacturers. We have summarised the key points and recommendations from the EDPB in the Guidelines below. The public can provide comments to the EDPB until March 20th, 2020. Thereafter, the EDPB will finalize and adopt the Guidelines,…

The European Commission’s New Deal for Consumers will apply to traders that target consumers in the EU from 28 May 2022. Organisations impacted by the New Deal have two years to get into shape – which is advisable, because the New Deal empowers regulators across the EU to impose GDPR-style fines for breaches of consumer legislation. Like the GDPR before it, the changes will affect most functions within businesses affected by the New Deal. Organisations…

A key part of the EU’s New Deal for Consumers entered into force on January 7, 2020: the Omnibus Directive, which strengthens consumer rights through enhanced enforcement measures and increased transparency requirements. The headline changes introduced by the new Directive are: GDPR-style penalties.A requirement for increased transparency online, in particular for search result rankings and personalized pricing.The extension of consumer rights to “free” digital content and services. EU Member States have two years to transpose…

The European Union’s highest court, the Court of Justice of the European Union (CJEU), is evaluating the legitimacy of the EU standard contractual clauses (SCC). SCCs have been the bedrock of cross-border personal data transfers outside the EU for many years. Today, the advocate general (a.g.) has rendered an opinion on the Schrems II case. By way of brief background, Schrems II is a case before the Court of Justice of the European Union (CJEU)…

The Austrian Data Protection Authority, headed by the chair of the European Data Protection Board (EDPB), provided a clear way forward for advertising-based business models.Following a complaint against an Austrian newspaper, the Austrian Data Protection Authority (DPA) decided that the prohibition on making the provision of a service conditional on consent (“coupling prohibition”; Article 7(4) GDPR) can effectively be circumvented by additionally offering a consent-free equivalent service for a reasonable remuneration (case no. DSB-D122.931/0003-DSB/2018; the…

2016 saw further seismic changes to the data protection framework globally and, in particular, the EU. The year heralded the long-negotiated GDPR, the NIS Directive, the Privacy Shield and ended with a flurry of further developments at EU and UK level.We have pulled together a summary of key developments as well as things to watch out for in 2017.Article 29 Working Party (“WP29”) Guidelines on GDPRThe WP29 adopted guidelines on three major GDPR requirements, namely:DPOLead…

Access our “EU GDPR in 13 Game Changers” Publication here.On 25 May 2016, the GDPR finally entered into force after years of consulting, drafting and negotiating at various levels. It will start to apply as of 25 May 2018 giving organisations a limited window to get ready for the new rules. The real work starts nowWhile the EU legislators might be leaning back now with the GDPR officially in force, for private and public sector…