JD Supra European Union › Fox Rothschild LLP

• JD Supra European Union

It's a new year and everyone makes resolutions, even the European Data Protection Board (EDPB). In its 2021-2023 strategy, the EDPB sets four pillars and action items associated with them, leaving the bombshell to the very last bullet point: focus on engagement and cooperation with supervisory authorities of third countries in enforcement cases involving controllers or processors...

• JD Supra European Union

Do any of these things pertain to your business? •Are you outsourcing your HR, IT or payroll function to a UK-based organization? •Are you using a UK-based marketing company to send marketing communications to your customer database?...

• JD Supra European Union

Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways: Area of Surveillance It is not necessary to reveal the precise location of the camera, as long as there is no doubt about which areas are subject to surveillance and the

• JD Supra European Union

“Increased usage of consumer products and industrial devices connected to the internet will also raise new risks for privacy, information- and cybersecurity, including increasingly potential impacts on the integrity and availability of products and data, which can directly affect safety,” says the Council of Europe in its “Conclusions on the cybersecurity of connected devices.”...

• JD Supra European Union

In the wake of the European Data Protection Board guidance on Post-Schrems II data transfers, which may render the question of using the clauses moot for some companies, the European Commission issued draft standard contractual clauses fit for the age of the General Data Protection Regulation (GDPR)...

• JD Supra European Union

In a detailed report titled "Ethics of Connected and Automated Vehicles," the European Commission sets out key data protection recommendations Definition: Connected and Automated Vehicles (CAVs) are vehicles that are both connected and automated and display one of the five levels of automation according to SAE International’s standard J3016, combined with the capacity to...

• JD Supra European Union

“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,” say Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter,...

• JD Supra European Union

“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,” say Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter,...

• JD Supra European Union

On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has determined that the U.S.-Swiss Privacy Shield does not meet the “requirements of adequate data protection as defined by the FADP (Swiss Federal Act on Data Protection).” It issued a policy paper offering advice on transferring data to

• JD Supra European Union

New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield. “The Schrems litigation has again sent international shock waves in striking down a key EU/U.S. arrangement designed to facilitate data flows known as the Privacy Shield.”...

• JD Supra European Union

According to Italian Data Protection Authority Garante Per La Protezione Dei Dati Personale, The COVID-19 emergency does not automatically, and in itself, represent a sufficient legal basis for particularly invasive data processing, such as data processing aimed at allowing contact tracing by any public or private owner...

• JD Supra European Union

The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection authorities and other entities across Europe. Here are a few of the responses:...

• JD Supra European Union

The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United States, citing surveillance practices by U.S. public authorities and inadequate legal recourse to EU individuals...

• JD Supra European Union

The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union's General Data Protection Regulation...

• JD Supra European Union

Italy’s data protection agency, Italian Garante, has offered its opinion on a regulatory proposal for the creation of a COVID-19 tracing app. The proposed contact tracing system does not appear to conflict with the principles of personal data protection in that it:...

• JD Supra European Union

Coronavirus and Data Protection guidance from the Catalan Data Protection Authority: •Under Articles 6.1.(e) and 9.2.(i) GDPR, health authorities may share health data when this is needed for reasons of public interest in the field of public health, such as protection against serious trans-boundary health threats, or to guarantee high levels of quality and safety of healthcare and of...

• JD Supra European Union

The European Data Protection Board has published draft guidelines for public comment on the data protection aspects of connected vehicles. Key takeaways: The Relevant Players- Non exhaustive list of stakeholders: vehicle manufacturers, equipment manufacturers and automotive suppliers, car repairers, automobile dealerships, vehicle service providers, rental and car sharing companies, fleet...

• JD Supra European Union

Speak to me in algorithms. The European Data Protection Board (EDPB) has issued a letter on the appropriateness of the GDPR as a legal framework to protect citizens from unfair algorithms.

• JD Supra European Union

“Perhaps the more urgent need is to share ideas, instead of rushing to share people’s data,” writes European Data Protection Supervisor Wojciech Wiewiórowski. “More than ever, there is a need to illuminate new paths for rewarding more sustainable business models that do not rely on the ubiquitous and constant tracking of human behaviour and relationships, a practice which has already...

• JD Supra European Union

The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day two of the event.

• JD Supra European Union

The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day one of the event.

• JD Supra European Union

The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that are applicable and instructive for other entities subject to the General Data Protection Regulation (GDPR).

• JD Supra European Union

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR. Key takeaways: You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.

• JD Supra European Union

The European Commission expects the U.S. Department of Commerce (DoC) to request from companies evidence of the privacy provisions of the relevant contracts with third parties to assess compliance with the onward transfer principle.

• JD Supra European Union

Privacy Shield lives to shield another year (Part 1). The European Commission has published its third annual report on Privacy Shield.

• JD Supra European Union

The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR.

• JD Supra European Union

The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Resolution's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b).

• JD Supra European Union

The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR: Examples of joint controllers: 1.If two companies jointly organize a competition in which the name and address are collected by the participants for the subsequent delivery of the prizes.

• JD Supra European Union

Do I have to disclose documents with confidential internal correspondence, and comments from my staff as part of a GDPR data subject access request? The Court of The Hague says “Yes, you do.”

• JD Supra European Union

Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance. Key takeaways for controllers: General Considerations and Governance: CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV will be covered by data...