Foley Hoag LLP - Security, Privacy and the Law (JD Supra European Union)

32 results for Foley Hoag LLP - Security, Privacy and the Law (JD Supra European Union)

  • Cybersecurity 2020 – The Year in Preview: New Guidance Continues to Clarify GDPR’s Scope

    Editors’ Note: This is the sixth in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Our previous entry discussed the CCPA, energy, Brexit, health care regulation, and state enforcement trends.

  • EU Commission Issues Communication about GDPR

    The EU Commission issued today a “Communication to the European Parliament and the Council” which is entitled “Data protection rules as a trust enabler in the EU and beyond- taking stock”, which outlines the current state of EU data protection, with particular focus on the impact of GDPR. 1. The implementation of GDPR in the EU - The Commission notes that all EU Member States have updated...

  • Happy Birthday, GDPR!

    Dear GDPR, Before you were born, you already attracted a lot of attention, after all, not everyone is born over two years after they are conceived and has 28 parents! And your parents had to ?resist an enormous pressure from people who predicted that once you were born, you would be a nightmare. Well, now that you have been in this world for one year, your aunts and uncles in California, who...

  • EDPB Issues Opinion on the Interplay between the Clinical Trials Regulation and the GDPR

    On January 23, 2019, the European Data Protection Board (“EDPB”) issued an interesting opinion about personal data processed in relation to clinical trials. The main role of the EDPB – which succeeded the Article 29 Working Party – is to contribute to the consistent application of the GDPR throughout the European Union. Its tasks include providing general guidance to clarify the law and...

  • GDPR Alert: Google Gets Biggest Fine Ever Issued by a European Data Protection Authority

    On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR. As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your Business), the non-profit privacy organization set up by Max Schrems, the Austrian lawyer who initiated the action against Facebook that led to the invalidation of the Safe...

  • Is the Right to be Forgotten National, European or Worldwide? The Advocate General Issues an Opinion in the Google Case

    On January 10, 2019, Advocate General Szpunar issued his much awaited opinion in the Google case that was referred to the European Court of Justice by the French “Conseil d’Etat”, the highest administrative court of the country. The Conseil d’Etat basically asked the European Court of Justice to follow-up on its Google Spain decision: is the right to be forgotten – i.e., the right of individuals...

  • Basics for Sharing Direct Marketing Databases with Business Partners in the EU

    Many companies share personal information they gather directly from individuals with “business partners” who use the information for their own direct marketing purposes. It is the case, for example, of companies that provide services on the internet free of charge but gather and sell the data related to their users to business partners. As the Washington Post recently learned, companies with this

  • GDPR Creates Rugby Scrum

    In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict. As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to create new data protection laws to address the interaction of anti-doping testing and the laws regarding transfer of data among and between different countries...

  • Three Things Not to be Forgotten about the GDPR’s “Right to be Forgotten”

    Our experience in advising clients about GDPR and assisting them in the compliance process is that there are often misconceptions about the so-called “right to be forgotten”. The purpose of this post is to address some of these misconceptions.

  • Understanding GDPR and Its Impact on You, Your Company and Your Customers

    To understand GDPR, you must see the cultural gap between EU and US - EU Data Protection Rules (aka GDPR) - Why should you care about those rules? • They aren’t going away: in fact, similar rules will start coming from within the US. • Fines: Supervisory Authorities are able to impose administrative fines of up to 20 million Euros, or 4% of total worldwide revenues of the preceding...

  • Schrems’ Privacy Organization Files First Complaints Based on GDPR

    On Friday, May 25, the day when GDPR became effective, noyb.eu (None of Your Business), the non-profit privacy organization recently set up by Max Schrems, filed the first complaints based on GDPR. Max Schrems is the Austrian privacy lawyer who had complained about the transfer of his data to the United States by Facebook: he argued that, in light of the Snowden revelations, once his data was...

  • GDPR: Q&A for Investment Advisers and Private Fund Managers

    As many of you may already be aware, the European GDPR goes into effect during May 2018. Below are some frequently asked questions and answers about GDPR as a short guide to assist investment advisers and private fund managers with initial GDPR analysis.

  • The New EU General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies

    Cultural gap between the EU and the US - EU Data Protection Rules - Why should you care about those rules? ..GDPR is « general » i.e. it applies to all activities including the Healthcare/Life Sciences. ..As of May 2018: Supervisory Authorities can impose administrative fines of up to: 20 million Euros, or 4% of total worldwide turnover of the preceding financial year, whichever is...

  • Schrems v. Facebook: The Show Must Go On In Vienna, But Now As A One-Man Show

    Recently, Austrian privacy activist Maximilian Schrems won a partial victory in his continuing battles with Facebook. We discuss that case below. But first, we review his prior tilts with Facebook.

  • What IP Practitioners Should Know About GDPR And Personal Data Protection In Europe

    In the European Union (“EU”), “everyone has the right to the protection of personal data concerning him or her” under the Charter of Fundamental Rights. Intellectual property is also protected as a fundamental right under the Charter, as is freedom of speech. These rights can sometimes conflict. In two previous posts on cases about linking to Playboy pictures and the inspiration for Jeff Koons’...

  • Privacy Shield: Article 29 Working Party Calls Upon the European Commission and US Authorities to Restart Discussions

    On November 28, 2017, the EU’s Article 29 Working Party issued its report on the First Annual Joint Review of the EU-US Privacy Shield, which was conducted on September 18-19, 2017.

  • GRDP Update: WP29 Guidelines adopted for Data Protection Impact Assessment

    The new GDPR is much more detailed than the 1995 Directive. The GDPR has 99 articles, versus 34 in the Directive. And a few new key concepts clearly require new guidance.

  • EU Updates on Schrems II and the Privacy Shield

    The current challenge to Facebook’s privacy practices in Ireland (“Schrems II”) may be coming to a head. You will recall that in Schrems I, the challenge to Facebook’s privacy practices led to a decision issued by the European Court of Justice that invalidated the US-EU Safe Harbor. Following the invalidation of the Safe Harbor, Facebook switched to the Commission’s Standard Contractual Clauses

  • Schrems II Judgment Rendered

    A 152 page judgment was rendered on October 3, 2017 by the Irish High Court in Schrems II: DPC v Facebook Final. Nor surprisingly, the court decided to refer the case to the Court of Justice of the European Union to make a decision about the validity of the three decisions ?issued by the Commission for the Standard Contractual Clauses.  The court also referred a question to the CJEU about the

  • The European Watchdogs Issue First Guidelines On GDPR

    The new (EU) 2016/679 General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. Its scope is broader than that of the current 95/46/CE Directive, which means that more companies headquartered outside of the EU will have to comply with European data protection rules than under the current regime.

  • What to Expect from the EU’s New Network and Information Security Directive

    On July 6, 2016, the European Union adopted Directive (EU) 2016/1148, “concerning measures for a high common level of security of network and information systems across the Union,” otherwise known as the Network and Information Security Directive. (A directive, in EU parlance, is an instruction to member states to achieve a particular objective and a general framework for how to do so. This...

  • Which U.S. Businesses Must Comply with EU Data Protection Laws?

    What the recent Amazon decision tells us - On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für Konsumenteninformation) and Amazon EU Sàrl, a subsidiary of Amazon registered in Luxembourg. The main issue in this case is whether Amazon General Conditions were enforceable under Consumer...

  • Article 29 Working Party on the EU-US Privacy Shield: A Number of Concerns Remain But Let’s See How It Works

    Article 29 Working Party on the EU-US Privacy Shield: The EU’s Article 29 Working Party analyzed the final version of the Privacy Shield and issued a statement on July 26, 2016. What does this mean?

  • New Data Protection Obligations In Europe: Data Protection Officers and Impact Assessment under the New General Data Protection Regulation (GDPR)

    The full text of the General Data Protection Regulation (GDPR) was published on 4 May 2016. Although the GDPR will not be effective until 25 May 2018, it is worth looking into it right now given the major changes it makes to the rules in the 1995 Directive.

  • EU-US Data Transfers?: An update on actions taken by European DPAs

    After the European Court of Justice invalidated Safe Harbor on October 6, ?2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of January 2016 to find alternative means to transfer data to the US and, if they failed to do so, EU Data Protection Authorities would pursue enforcement measures. DPAs in...

  • Update on EU-US Transfer of Data and the Proposed Privacy Shield

    On 29 February the European Commission released its draft adequacy decision about the proposed Privacy Shield, which is intended to replace the invalidated EU-US Safe Harbor. While Microsoft stated on April 11 that they “pledged to sign up for the Privacy Shield,” the European authorities have so far been much more skeptical.

  • EU General Data Protection Regulation Adopted

    After years of intense discussions, the EU General Data Protection Regulation (GDPR) was finally adopted on 14 April 2016. The GDRP sets out uniform new rules in the field of data protection across the EU, rules that will standardize the law in the 28 EU Member States and have an impact on both European and non-European companies. For example...

  • EU Safe Harbor Update: No Solution in January?

    As we have noted previously, in the wake of the ECJ’s decision that undid the US-EU Safe Harbor, we were told that there would be no enforcement of the EU Directive until after January 31, to allow the US and EU to hammer out a new regime.

  • European Union Agrees On a New Data Protection Framework Tol Replace the 95/46/CE Directive: Meet the “General Data Protection Regulation”

    On 15 December 2015, the three main European institutions, the Commission, the Parliament and the Council, agreed on the final text of the General Data Protection Regulation (GDPR) which has been on the table since January 2012. This is a major achievement, given the number of obstacles that still needed to be overcome a few weeks ago in order to meet the end of 2015 deadline for finalizing the...

  • Weltimmo v. Hungarian Data Protection Authority: EU Rules on What It Means To Be “Established” in a Jurisdiction

    While the Schrems decision invalidating the US-EU Safe Harbor Program is rightly attracting a great deal of attention (as well as blogging and webinars) – and leaving many wondering what to do in the absence of the US-EU Safe Harbor System – companies doing business in the EU need also to consider the impact of another recent decision, reached just days before Schrems. In Case c-230/14, Weltimmo

  • Request a trial to view additional results

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT