Tag

GDPR

Browsing

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

On 4 May 2020 the European Data Protection Board (“EDPB”) adopted updated guidelines on consent under the GDPR (the “New Guidelines”). The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the “2018 Guidelines”), and subsequently endorsed by the EDPB. The New Guidelines clarify the EDPB’s position on two specific issues: Cookie Walls – consent is not valid if access to a…

Joining host Brian Hengesbaugh this episode is Dr. Lukas Feiler, a partner in Baker McKenzie’s Vienna office. Brian and Lukas discuss breach notification in Austria under the European Union’s General Data Protection Regulation (GDPR). Specifically, how to deal with the 72-hour requirement and some of the related strategic decisions. In this episode, you will learn about: What happens when Austrian data protection authorities follow up on a data breach notificationWhether having a “file early, file…

Francesca Gaudino, a partner in Baker McKenzie’s Milan office, joins this episode of Connect on Tech to discuss the December 18th opinion issued by the Advocates General (AG) of the Court of Justice of the European Union on Data Protection Commissioner v Facebook Ireland (Shrems II). In this episode you will learn: What this opinion means for the resolution of the case View of the AG on standard contractual clauses and how this may affect…

The European Union’s highest court, the Court of Justice of the European Union (CJEU), is evaluating the legitimacy of the EU standard contractual clauses (SCC). SCCs have been the bedrock of cross-border personal data transfers outside the EU for many years. Today, the advocate general (a.g.) has rendered an opinion on the Schrems II case. By way of brief background, Schrems II is a case before the Court of Justice of the European Union (CJEU)…

The European Union Commission (Commission) has issued a report on its findings from the third annual Privacy Shield review, which took place in September. In its report, the Commission confirmed that the EU-US Privacy Shield framework continues to ensure an adequate level of protection for personal data transferred from the EU to companies participating in the Privacy Shield program in the United States. In concluding its report, the Commission provided additional action items necessary to…

On 3 July 2019 the ICO published its new Guidance on the use of cookies and similar technologies (Guidance) which replaces the previous guidance on cookies (last updated in May 2012) and complements the ICO’s guidance on cookies in its Guide to PECR .Why has the ICO published new guidance now?Currently, the use of cookies is subject to two overlapping regimes: the Privacy and Electronic Communications Regulations (PECR), which implement the e-Privacy Directive in the…

On 4 May 2019, further amendments to the rules on processing personal data will come into force. They concern over 150 legal statutes and refer to both the private and public sector. Below we present the most important changes in the legal statutes that will be significant for the majority of companies:Labour CodeThe Act on Electronic Provision of Services (AEPS),Telecommunications LawPersonal Data Protection ActAmong other significant changed laws there are the Banking Law (e.g. with…

Polish DPA imposes EUR 220,000 fine for breach of Art. 14 GDPROn 26 March 2019, the Polish data protection authority (DPA) announced that it has imposed its first financial penalty amounting to EUR 220,000 (approx. PLN 943,000) on a data controller in Poland for failing to comply with the provisions of the GDPR. The controller is a company that aggregates personal data from publicly available registers, such as the Central Register and Information on Economic…

What does 2019 hold for businesses in the Technology, Media and Telecommunications sector and what legal and regulatory trends should be on their radar? A complex question in a world in which the boundaries between areas are blurring to an extent that car manufacturers are becoming tech companies, traditional content producers are launching their own direct-to-consumer streaming services, and telecommunications providers are moving into adjacent industries to make up for declines in traditional revenues. Everywhere,…