Fox Rothschild LLP (JD Supra European Union)

In the Connected and Automated Mobility (CAM) ecosystem, cybersecurity … should be seen as a core enabler that protects safety and provides value to products and services, and is integrated in the lifecycles of products’ and services’ activities., says the European Union’s Agency for Cybersecurity (ENISA) in a new report on the cybersecurity challenge in CAM...

The European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre of the European Commission (JRC) have issued a joint guidance on “Cybersecurity Challenges in the Update of Artificial Intelligence in Autonomous Driving.”...

IAB Europe has updated its Guide to Post Third-Party Cookie Era. The guide provides a detailed overview of the various targeting techniques used today and some options and consideration going forward. Key Takeaways- The Issue- •A 2019 Google study showed that publisher ad revenue decreases by 52% when third-party cookies are not present in ad inventory...

It's a new year and everyone makes resolutions, even the European Data Protection Board (EDPB). In its 2021-2023 strategy, the EDPB sets four pillars and action items associated with them, leaving the bombshell to the very last bullet point: focus on engagement and cooperation with supervisory authorities of third countries in enforcement cases involving controllers or processors located...

Do any of these things pertain to your business? •Are you outsourcing your HR, IT or payroll function to a UK-based organization? •Are you using a UK-based marketing company to send marketing communications to your customer database?...

Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways: Area of Surveillance It is not necessary to reveal the precise location of the camera, as long as there is no doubt about which areas are subject to surveillance and the context of...

“Increased usage of consumer products and industrial devices connected to the internet will also raise new risks for privacy, information- and cybersecurity, including increasingly potential impacts on the integrity and availability of products and data, which can directly affect safety,” says the Council of Europe in its “Conclusions on the cybersecurity of connected devices.”...

In the wake of the European Data Protection Board guidance on Post-Schrems II data transfers, which may render the question of using the clauses moot for some companies, the European Commission issued draft standard contractual clauses fit for the age of the General Data Protection Regulation (GDPR)...

In a detailed report titled "Ethics of Connected and Automated Vehicles," the European Commission sets out key data protection recommendations Definition: Connected and Automated Vehicles (CAVs) are vehicles that are both connected and automated and display one of the five levels of automation according to SAE International’s standard J3016, combined with the capacity to receive and/or send...

“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,” say Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter,...

“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,” say Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter,...

On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has determined that the U.S.-Swiss Privacy Shield does not meet the “requirements of adequate data protection as defined by the FADP (Swiss Federal Act on Data Protection).” It issued a policy paper offering advice on transferring data to

New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield. “The Schrems litigation has again sent international shock waves in striking down a key EU/U.S. arrangement designed to facilitate data flows known as the Privacy Shield.”...

According to Italian Data Protection Authority Garante Per La Protezione Dei Dati Personale, The COVID-19 emergency does not automatically, and in itself, represent a sufficient legal basis for particularly invasive data processing, such as data processing aimed at allowing contact tracing by any public or private owner...

The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection authorities and other entities across Europe. Here are a few of the responses:...

The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United States, citing surveillance practices by U.S. public authorities and inadequate legal recourse to EU individuals...

The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union's General Data Protection Regulation...

Italy’s data protection agency, Italian Garante, has offered its opinion on a regulatory proposal for the creation of a COVID-19 tracing app. The proposed contact tracing system does not appear to conflict with the principles of personal data protection in that it:...

Coronavirus and Data Protection guidance from the Catalan Data Protection Authority: •Under Articles 6.1.(e) and 9.2.(i) GDPR, health authorities may share health data when this is needed for reasons of public interest in the field of public health, such as protection against serious trans-boundary health threats, or to guarantee high levels of quality and safety of healthcare and of medicines

The European Data Protection Board has published draft guidelines for public comment on the data protection aspects of connected vehicles. Key takeaways: The Relevant Players- Non exhaustive list of stakeholders: vehicle manufacturers, equipment manufacturers and automotive suppliers, car repairers, automobile dealerships, vehicle service providers, rental and car sharing companies, fleet...

Speak to me in algorithms. The European Data Protection Board (EDPB) has issued a letter on the appropriateness of the GDPR as a legal framework to protect citizens from unfair algorithms.

“Perhaps the more urgent need is to share ideas, instead of rushing to share people’s data,” writes European Data Protection Supervisor Wojciech Wiewiórowski. “More than ever, there is a need to illuminate new paths for rewarding more sustainable business models that do not rely on the ubiquitous and constant tracking of human behaviour and relationships, a practice which has already damaged...

The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day two of the event.

The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day one of the event.

The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that are applicable and instructive for other entities subject to the General Data Protection Regulation (GDPR).

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR. Key takeaways: You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.

The European Commission expects the U.S. Department of Commerce (DoC) to request from companies evidence of the privacy provisions of the relevant contracts with third parties to assess compliance with the onward transfer principle.

Privacy Shield lives to shield another year (Part 1). The European Commission has published its third annual report on Privacy Shield.

The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR.

The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Resolution's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b).