On August 11, 2020, the Court of Appeal of England and Wales overturned the High Court’s dismissal of a challenge to South Wales Police’s use of Automated Facial Recognition technology, finding that its use was unlawful and violated human rights.
Continue Reading UK Court of Appeal Finds Automated Facial Recognition Technology Unlawful in Bridges v South Wales Police
International
CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer
Posted on
On August 5, 2020, the French Data Protection Authority announced that it has levied a fine of €250,000 on a French online shoe retailer for various infringements of the GDPR. This is the first penalty under the GDPR enforced by the CNIL as the lead supervisory authority in cooperation with other EU supervisory authorities.…
Continue Reading CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer
European Commission and U.S. Department of Commerce to Discuss Enhanced EU-U.S. Privacy Shield Framework
Posted on
On August 10, 2020, European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Wilbur Ross released a joint press statement following the ruling of the Court of Justice of the European Union in the Schrems II case.…
Continue Reading European Commission and U.S. Department of Commerce to Discuss Enhanced EU-U.S. Privacy Shield Framework
India Releases Draft Non-Personal Data Governance Framework
Posted on
Posted in International
On July 13, 2020, a Committee of Experts within India’s Ministry of Electronics and Information Technology published the first draft of a Non-Personal Data Governance Framework for India for public consultation.…
Continue Reading India Releases Draft Non-Personal Data Governance Framework
Department of Commerce Publishes FAQs Regarding Impact of Schrems II Decision
Posted on
The U.S. Department of Commerce has issued two new sets of FAQs in light of the CJEU’s recent decision to invalidate the EU-U.S. Privacy Shield in Schrems II. …
Continue Reading Department of Commerce Publishes FAQs Regarding Impact of Schrems II Decision
Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
Posted on
Posted in European Union, International
On July 28, 2020, German supervisory authorities issued a statement reiterating the requirement for additional safeguards when organizations rely on Standard Contractual Clauses or Binding Corporate Rules for the transfer of personal data to third countries in the wake of the Court of Justice of the European Union’s invalidation of the Privacy Shield Framework.…
Continue Reading Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
UK ICO Publishes First Two Reports from its Data Protection Sandbox Pilot
Posted on
Posted in Information Security, International
On July 23, 2020, the UK Information Commissioner’s Office published the first two reports from its Data Protection Regulatory Sandbox Beta phase, which launched in September 2019 as a pilot and involves the assessment of ten products and services that use personal data in innovative ways.…
Continue Reading UK ICO Publishes First Two Reports from its Data Protection Sandbox Pilot
EDPB Adopts Information Note on BCRs in Preparation for Brexit
Posted on
Posted in European Union, International
On July 22, 2020, the European Data Protection Board adopted an information note to assist organizations relying on Binding Corporate Rules for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.…
Continue Reading EDPB Adopts Information Note on BCRs in Preparation for Brexit
EDPB Publishes FAQs on Implications of the Schrems II Case
Posted on
Posted in European Union, International
On July 24, 2020, the European Data Protection Board published a set of Frequently Asked Questions on the judgment of the Court of Justice of the European Union in the Schrems II case.…
Continue Reading EDPB Publishes FAQs on Implications of the Schrems II Case
Regulators Issue Reactions to Invalidation of EU-U.S. Privacy Shield Framework
Posted on
In the aftermath of the CJEU’s unexpected ruling, organizations in the EU and U.S. that rely on Privacy Shield certification for transfers of EU personal data are awaiting guidance from EU data protection regulators. …
Continue Reading Regulators Issue Reactions to Invalidation of EU-U.S. Privacy Shield Framework