Tag archives: DPA

German DPAs publish templates and guidance on records of processing activities pursuant to Art. 30 GDPR

Data Protection Report - Norton Rose FulbrightThe German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier … Continue reading

Hamburg DPA’s Safe Harbor Fines Spell Further Uncertainty and Risk for Global Companies

Data Protection Report - Norton Rose FulbrightOn June 6, 2016, Johannes Caspar – the Hamburg Commissioner for Data Protection – announced that the Hamburg Data Protection Authority (“DPA”) fined three companies for relying on the invalidated Safe Harbor framework to transfer data from the European Union to the companies’ operations in the United States. The DPA imposed the fines on Adobe, Punica … Continue reading

French National Assembly adopts “Digital Republic” bill

Data Protection Report - Norton Rose FulbrightOn January 26, 2016, the French National Assembly adopted the “Digital Republic” bill  — a comprehensive bill introducing various provisions to regulate the digital sphere within the French society. Access to public data, neutrality of the Internet, access to the digital sphere and communication networks are some of the main subjects covered by this bill. … Continue reading

Hamburg DPA leader addresses EU-US Privacy Shield

Data Protection Report - Norton Rose FulbrightOn February 5, 2016, Article 29 Working Party member and head of the Hamburg Data Protection Authority, Prof. Dr. Johannes Caspar, spoke about the EU-US Privacy Shield. Caspar observed that, once approved, the EU-US Privacy Shield system will initially be valid regardless of the decision of the European data protection authorities (DPAs). This is because the Privacy Shield will remain in force … Continue reading

German Data Protection Authorities Suspend BCR approvals, question Model Clause transfers

Data Protection Report - Norton Rose FulbrightFollowing on from the EU Article 29 Working Party Statement of 16 October 2015, the Conference of the German Data Protection Authorities – (“DPAs”) has today issued guidance (referred to as a Position Paper) on the consequences of the CJEU decision in the Schrems case (Case C-362/14).… Continue reading

CJEU decision in Schrems: what businesses should do next

Data Protection Report - Norton Rose FulbrightThis week, the Court of Justice of the European Union (“CJEU”) ruled that the EU-US Safe Harbor Decision is invalid in Case C-362/14 (the “Schrems” case).  This followed a similar opinion from its Advocate General, which also sets out the facts of the case. The decision will impact businesses that rely on the EU-US Safe Harbor … Continue reading

Day-after-Safe Harbor action plan: anticipating ECJ Schrems decision

Data Protection Report - Norton Rose FulbrightAs we have written extensively, the European Court of Justice’s (ECJ’s) ruling in the Schrems case on October 6, 2015 may effectively invalidate the US-EU Safe Harbor framework. While we believe that the Advocate General’s rationale for the proposal is weak, organizations that rely on the Safe Harbor are anxious about the consequences such a … Continue reading

Breach notice becomes law in the Netherlands; 11 things to know

Data Protection Report - Norton Rose FulbrightOn 26 May 2015, the Dutch Senate passed the Bill on Notification of data leaks. The law imposes an obligation on “data controllers” (the persons or entitis that determine the purpose of and means for processing personal data) in the Netherlands to notify the Dutch Data Protection Authority (CBP) and affected individuals. The law may require … Continue reading

EU’s “One Stop Shop” Proposal Focuses on “Main Establishment” as Nexus of DPA Enforcement Authority

Data Protection Report - Norton Rose FulbrightThis is Part 2 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In this Part we examine the concept of main establishment and the position of entities without … Continue reading

UK Court of Appeal Establishes Data Protection Rights in Privacy Case

Data Protection Report - Norton Rose FulbrightA recent English Court of Appeal judgment could significantly broaden the circumstances in which data protection litigation can be brought – and damages can be awarded – under English law. Background Vidal-Hall et al v Google ([2015] EWCA Civ 311) involves claims brought by three individual users against Google. The users alleged that Google collected private … Continue reading

German draft bill to authorize privacy “class actions”

Data Protection Report - Norton Rose FulbrightThe German government recently released a draft bill seeking to grant authority to the country’s consumer and business associations to enforce compliance with data protection laws. Because the proposed draft bill appears to have received support from the governing parties, we believe there is a high probability of the bill being enacted in the near … Continue reading