On November 5, 2020, Hunton Andrews Kurth will host a panel discussion with representatives from the UK Information Commissioner’s Office (“ICO”) and the French Data Protection Authority (“CNIL”) to explore the latest developments on cookie guidance and compare their respective approaches. In our webinar titled “From a Regulator’s Perspective: Latest Developments on Cookie Guidance from the ICO and CNIL,” our speakers will discuss practical cookie law issues, including: Continue Reading Webinar on the Latest Developments on Cookie Guidance Featuring the UK ICO and CNIL

On October 13, 2020, France’s highest administrative court (the “Conseil d’État”) issued a summary judgment that rejected a request for the suspension of France’s centralized health data platform, Health Data Hub (the “HDH”), currently hosted by Microsoft. However, the Conseil d’État recognized that there is a risk of U.S. intelligence services requesting the data and called for additional guarantees under the control of the French data protection authority (the “CNIL”). Continue Reading French Highest Court Rejects Temporary Suspension of France’s Health Data Hub; Calls for Additional Guarantees Following Schrems II

On October 16, 2020, the UK Information Commissioner’s Office (“ICO”) announced its fine of £20,000,000 (approximately $25,850,000) for British Airways (“BA”), which is owned by International Consolidated Airlines Group, S.A, for violations of the EU General Data Protection Regulation (“GDPR”). This is a significant (approximately 90%) decrease from the proposed fine of £183,390,000 (approximately $230,000,000) announced by the ICO in July 2019, but is the largest fine imposed to date by the ICO.

Continue Reading ICO Fines British Airways £20 Million for Security Breach

On October 15, 2020, Brazil’s President Bolsonaro officially nominated the five Directors of the new Brazilian data protection authority (Agência Nacional de Proteção de Dados, “ANPD”), as published in the Brazilia Official Journal. The Decree establishing the ANPD, on which we reported earlier, is now fully in effect. All five nominations, however, must still be approved by the Brazilian Senate, which means there are further steps before the ANPD is fully established and operational.

Continue Reading Brazil Nominates Directors of the Brazil Data Protection Authority; Senate Approval Pending

During its 39th plenary session on October 8, 2020, the European Data Protection Board (“EDPB”) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (“GDPR”) (the “Guidelines”). The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority (“LSA”) has a duty to cooperate with other concerned supervisory authorities (“CSAs”) in order to reach a consensus.

Continue Reading EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

On October 12, 2020, the California Attorney General (“AG”) issued a third set of proposed modifications to the regulations implementing the California Consumer Privacy Act of 2018 (“CCPA”). As we previously reported, the long-awaited CCPA regulations were approved by the California Office of Administrative law and became effective on August 14, 2020. This new set of proposed modifications would revise portions of the regulations relating to the notice of right to opt-out, methods for submitting opt-out of sale requests, and verification of authorized agents. According to the AG’s website, the third set of modified draft regulations are subject to another public comment period. The deadline to submit written comments is October 28, 2020 at 5:00 p.m. (PST).

On October 6, 2020, the Court of Justice of the European Union (“CJEU”) handed down Grand Chamber judgments determining that the ePrivacy Directive (the “Directive”) does not allow for EU Member States to adopt legislation intended to restrict the scope of its confidentiality obligations unless they comply with the general principles of EU law, particularly the principle of proportionality, as well as fundamental rights under the Charter of Fundamental Rights of the European Union (the “Charter”).

Continue Reading CJEU Restricts Indiscriminate Access to Electronic Communications for National Security Purposes

The increasing development and use of AI technology is raising several compliance questions, particularly in the context of the EU General Data Protection Regulation (“GDPR”). The European Commission has already begun working on future AI legislation. Join us on October 14, 2020, for a webinar on Artificial Intelligence: Key Considerations for GDPR Compliance Today and Tomorrow. Continue Reading Webinar on Artificial Intelligence: Key Considerations for GDPR Compliance Today and Tomorrow

On October 1, 2020, the UK Information Commissioner’s Office (“ICO”) launched a public consultation on its draft Statutory Guidance (the “Guidance”). The Guidance provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.

Continue Reading ICO Launches Consultation on Its Draft Statutory Guidance

On September 30, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) released its 2019 Annual Report (the “Report”). Notably, 2019 was the year of the Belgian DPA’s first fines under the EU General Data Protection Regulation (the “GDPR”) and the release of the Belgian DPA’s 2019-2025 Strategic Plan. Continue Reading Belgian Data Protection Authority Releases 2019 Annual Report