The opinion includes whether consent is ‘freely given’ pursuant to the ePrivacy-Directive and GDPR and insight on what constitutes ‘informed consent.’
On January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC. It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net.
We focus here on four key aspects of the decision: (a) why the Irish Data Protection Commission (Irish DPC) did not take the case; (b) the consent mechanism failings; (c) the privacy policy failings; and (d) the amount of the fine.
On January 23rd 2019, the European Commission adopted its adequacy decision in relation to the export of personal data from the European Union (EU) to Japan. Concurrently, Japan has adopted an equivalent decision in relation to the
On 25 November 2018 the UK Government and the EU agreed a draft withdrawal agreement which set out the terms of the UK’s departure from the EU and made a political declaration on the framework for their future relationship, as
The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer. This decision is significant as it means a company can be held liable to compensate affected data subjects for loss caused by a data breach, even where the company has committed no wrongdoing and regardless of the employee’s motive.
On 13 September 2018 the UK government’s Department for Digital, Culture, Media & Sport published a notice, Data Protection If There’s No Brexit Deal (the Notice). The Notice sets out the actions UK organisations should take to enable the
Websites go dark, complaints are filed within an hour, European Commission suffers an embarrassing data leak, and the US Commerce Secretary warns about the unintended trade impact of the law – all in the first week of the GDPR
The European Union’s far-reaching General Data Protection Regulation (GDPR) went into effect on 25 May amid much anticipation. Although the date itself was seen as a watershed moment, what comes after will reveal the full impact of the law. Even for those businesses that have declared that their GDPR compliance efforts have completed, the work of maintaining and updating their privacy and data protection framework will need to continue well after 25 May. We have also yet to see how 28 EU member states and the Court of Justice of the European Union will interpret the law.
In the days leading up to 25 May, millions of inboxes were filled with updated privacy notices and requests for marketing consent and pop-up notices for cookies were added to websites across the globe, as many businesses contemplated if and how the new law applies to them. Just in the first week, we are seeing glimpses of what lays ahead. Certain American news publications decided to shut themselves off to European users on their websites, a first series of complaints were filed against US tech giants and their subsidiaries, and the European Commission, in an embarrassing turn of events, was found to have had a data leak on one of its websites, Europa.eu. Just five days after the law has gone into effect, Wilbur Ross, the US Commerce Secretary, published an opinion piece in the Financial Times, that warns: “EU data privacy laws are likely to create barriers to trade.”
We take a look at the initial reactions and events that occurred in the first week following the implementation of the GDPR, provide some insight into the GDPR’s impact on the digital economy and trade and provide, as we always do, some practical tips for how to manage privacy and cybersecurity risks in this ‘new era’.
The German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and
The GDPR will come into force exactly four months from Thursday. In preparation, the European Commission has released a new website with extensive guidance on GDPR implementation, together with a Fact Sheet containing Q&As on the GDPR. While much of the guidance is already known to privacy professionals, there are new insights as well.
On April 27, 2017, the German Federal Parliament voted to approve the new proposed German Federal Data Protection Act (“new FDPA”). The law would adapt the current German data protection law to the EU General Data Protection Regulation (GDPR). The federal chamber of the states, the German Federal Council, is expected to approved the new FDPA in the next month, without major changes. Once approved by the Federal Council, the new FDPA will become effective on May 25, 2018, the same date as the GDPR.
The new FDPA seeks to enhance privacy protections in areas where the GDPR allows EU Member States to deviate from the Regulation.