On 9 November 2023, the Court of Justice of the European Union (CJEU) held that an EU Member State may not subject an information society service provider (ISSP) established in another EU Member State to general and abstract regulatory measures that deviate from measures of the Member State in which the ISSP is established (C‑376/22). In doing so, it declared the Austrian Communication Platforms Act and, by implication, many other national online platform regulations, inapplicable…
On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…
This morning, the Digital Services Act (DSA) was published in the Official Journal of the European Union. This officially starts the countdown for service designation and the DSA’s application.
On 4 October the European Council officially approved the DSA. That means that the only thing left is for it to be published in the Official Journal, and a spokesperson said yesterday that is going to happen soon: “The DSA, a new online-content regulation, will be signed into EU law on 19 October, an EU spokeswoman has said…The signing ceremony will be held at the European Parliament in Strasbourg 19 October 2022. The DSA says…
In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”). Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers. First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…
As of August 13th, 2022, Legislative Decree No. 104 dated June 27th, 2022 (the so-called “Transparency Decree”), implementing Directive (EU) 2019/1152, came into force, establishing specific privacy obligations for employers, who make use of automated decision-making or monitoring systems.
The EU Commission proposed a new regulation called the Data Act. It contains extensive obligations for B2C, B2B and B2G data sharing, as well as rules requiring providers of cloud services to facilitate switching and interoperability between service providers. We’ve set out below our key takeaways.
If you search for the word “innovation” in the GDPR you might be disappointed. Indeed, you will find no occurrence at all. In our current digital world, this is akin to an elephant in the room. Everybody sees that innovation is the driver of new services, a differentiator that ultimately has consequences on the growth of an economy. Everybody knows that most of the digital innovation relies on intense data processing. However, the most important…
*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…
*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the Official Journal. The new SCCs are a mechanism companies can use to address the restriction under Article 44 in the EU General Data Protection Regulation on the cross-border transfer of personal data to third countries. Given the timing requirements in the commission’s decision, the U.S. and other service providers located in…