-
JD Supra European Union › Fox Rothschild LLP
63 results for JD Supra European Union › Fox Rothschild LLP
-
New Year, New Plan: EDPB Issues 2021-2023 Strategy
It's a new year and everyone makes resolutions, even the European Data Protection Board (EDPB). In its 2021-2023 strategy, the EDPB sets four pillars and action items associated with them, leaving the bombshell to the very last bullet point: focus on engagement and cooperation with supervisory authorities of third countries in enforcement cases involving controllers or processors...
-
Brexit Implications For Companies With UK-Based HR, IT Or Payroll Partners
Do any of these things pertain to your business? •Are you outsourcing your HR, IT or payroll function to a UK-based organization? •Are you using a UK-based marketing company to send marketing communications to your customer database?...
-
Italy’s Data Protection Authority Publishes FAQs On CCTV
Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways: Area of Surveillance It is not necessary to reveal the precise location of the camera, as long as there is no doubt about which areas are subject to surveillance and the
-
Council Of Europe Lists Priorities For Securing Growing Number Of Connected Devices
“Increased usage of consumer products and industrial devices connected to the internet will also raise new risks for privacy, information- and cybersecurity, including increasingly potential impacts on the integrity and availability of products and data, which can directly affect safety,” says the Council of Europe in its “Conclusions on the cybersecurity of connected devices.”...
-
The European Commission’s Draft Standard Contractual Clauses: Key Takeaways
In the wake of the European Data Protection Board guidance on Post-Schrems II data transfers, which may render the question of using the clauses moot for some companies, the European Commission issued draft standard contractual clauses fit for the age of the General Data Protection Regulation (GDPR)...
-
European Commission Releases Autonomous Vehicle Privacy Recommendations
In a detailed report titled "Ethics of Connected and Automated Vehicles," the European Commission sets out key data protection recommendations Definition: Connected and Automated Vehicles (CAVs) are vehicles that are both connected and automated and display one of the five levels of automation according to SAE International’s standard J3016, combined with the capacity to...
-
Council Of Europe Suggests Convention 108+ As Schrems II Data Transfer Solution
“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,” say Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter,...
-
Council Of Europe Suggests Convention 108+ As Schrems II Data Transfer Solution
“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,” say Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter,...
-
Swiss Privacy Regulator Rules U.S.-Swiss Privacy Shield Not Adequate
On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has determined that the U.S.-Swiss Privacy Shield does not meet the “requirements of adequate data protection as defined by the FADP (Swiss Federal Act on Data Protection).” It issued a policy paper offering advice on transferring data to
-
New Zealand Will Consider Schrems II Decision In Implementing Own Privacy Act
New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield. “The Schrems litigation has again sent international shock waves in striking down a key EU/U.S. arrangement designed to facilitate data flows known as the Privacy Shield.”...
-
Italy: COVID-19 Pandemic Is Not Carte Blanche For Invasive Data Processing
According to Italian Data Protection Authority Garante Per La Protezione Dei Dati Personale, The COVID-19 emergency does not automatically, and in itself, represent a sufficient legal basis for particularly invasive data processing, such as data processing aimed at allowing contact tracing by any public or private owner...
-
Governments, Data Protection Authorities React To EU-US Privacy Shield Ruling
The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection authorities and other entities across Europe. Here are a few of the responses:...
-
EU Court Of Justice Invalidates EU-US Privacy Shield, Now What?
The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United States, citing surveillance practices by U.S. public authorities and inadequate legal recourse to EU individuals...
-
EDPB: Pandemic Is No Reason To Suspend GDPR
The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union's General Data Protection Regulation...
-
Italy Offers Guidance On COVID-19 Contract Tracing Privacy
Italy’s data protection agency, Italian Garante, has offered its opinion on a regulatory proposal for the creation of a COVID-19 tracing app. The proposed contact tracing system does not appear to conflict with the principles of personal data protection in that it:...
-
Catalan DPA Issues Guidelines For COVID-19 Health Data Sharing Under GDPR
Coronavirus and Data Protection guidance from the Catalan Data Protection Authority: •Under Articles 6.1.(e) and 9.2.(i) GDPR, health authorities may share health data when this is needed for reasons of public interest in the field of public health, such as protection against serious trans-boundary health threats, or to guarantee high levels of quality and safety of healthcare and of...
-
EDPB Publishes Draft Guidelines On Connected Vehicles
The European Data Protection Board has published draft guidelines for public comment on the data protection aspects of connected vehicles. Key takeaways: The Relevant Players- Non exhaustive list of stakeholders: vehicle manufacturers, equipment manufacturers and automotive suppliers, car repairers, automobile dealerships, vehicle service providers, rental and car sharing companies, fleet...
-
EDPB: No Immediate Need For New Laws To Address Unfair Algorithms
Speak to me in algorithms. The European Data Protection Board (EDPB) has issued a letter on the appropriateness of the GDPR as a legal framework to protect citizens from unfair algorithms.
-
European Data Supervisor Urges Creation Of Less Invasive Digital Business Models
“Perhaps the more urgent need is to share ideas, instead of rushing to share people’s data,” writes European Data Protection Supervisor Wojciech Wiewiórowski. “More than ever, there is a need to illuminate new paths for rewarding more sustainable business models that do not rely on the ubiquitous and constant tracking of human behaviour and relationships, a practice which has already...
-
Dispatches From Day Two Of The IAPP Europe Data Protection Conference
The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day two of the event.
-
Dispatches From The IAPP Europe Data Protection Conference
The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day one of the event.
-
European Guidance On Data Controller And Processor Relationship Has Takeaways For GDPR, CCPA Compliance
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that are applicable and instructive for other entities subject to the General Data Protection Regulation (GDPR).
-
Isle Of Man Issues Guidance On Accountability Under GDPR
The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR. Key takeaways: You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.
-
Key Commercial Takeaways From The European Commission’s Third Annual Report On EU-U.S. Privacy Shield
The European Commission expects the U.S. Department of Commerce (DoC) to request from companies evidence of the privacy provisions of the relevant contracts with third parties to assess compliance with the onward transfer principle.
-
European Commission Issues Third Annual Report On Privacy Shield
Privacy Shield lives to shield another year (Part 1). The European Commission has published its third annual report on Privacy Shield.
-
What Does GDPR Say About Requests For Personal Data Being Used In Machine Learning Training?
The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR.
-
EDPB Guidelines Explain ‘Necessary For The Performance Of A Contract’ Data Processing Basis
The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Resolution's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b).
-
Guidance From Liechtenstein On Joint Controllership Under GDPR
The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR: Examples of joint controllers: 1.If two companies jointly organize a competition in which the name and address are collected by the participants for the subsequent delivery of the prizes.
-
Handling Confidential Internal Documents When Faced With A GDPR Data Subject Access Request
Do I have to disclose documents with confidential internal correspondence, and comments from my staff as part of a GDPR data subject access request? The Court of The Hague says “Yes, you do.”
-
Insights On Video Surveillance And Data Protection
Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance. Key takeaways for controllers: General Considerations and Governance: CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV will be covered by data...