The CNIL recently published guidelines on the re-use of personal data by data processors for their own purposes (such as product improvement or development of new products and services) under the GDPR. We have outlined key takeaways from the Guidelines in this blog post.
Continue Reading CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

The European Data Protection Supervisor recently issued a decision against the European Parliament in a case that resulted from a complaint submitted by certain Members of the European Parliament who alleged that the Parliament’s use of cookies violated data protection law, including requirements regarding the transfer of personal data outside of the EU.
Continue Reading EDPS Issues Decision on EU Parliament’s Cookie Violations

On December 21, 2021, the European Commission announced that it had adopted its adequacy decision on the Republic of Korea. The adequacy decision allows for the free flow of personal data between the EU and Korea, without any further need for authorization or additional transfer tool. The adequacy decision also covers transfers of personal data between public authorities.
Continue Reading European Commission Adopts South Korea Adequacy Decision

The Centre for Information Policy Leadership at Hunton Andrews Kurth recently published a white paper on “Bridging the DMA and the GDPR – Comments by the Centre for Information Policy Leadership on the Data Protection Implications of the Draft Digital Markets Act.” This blog entry provides highlights on the paper.
Continue Reading CIPL Publishes White Paper on the Interplay Between the Draft EU Digital Markets Act and the GDPR

On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

On November 18, 2021, the European Data Protection Board released a statement on the Digital Services Package and Data Strategy. The Digital Services Package and Data Strategy is composed of several legislative proposals that aim to facilitate the further use and sharing of personal data between more public and private parties; support the use of specific technologies, such as Big Data and artificial intelligence; and regulate online platforms and gatekeepers.
Continue Reading EDPB Releases Statement on the Digital Services Package and Data Strategy; Calls for Ban on Targeted Ads