On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport launched a consultation on its proposed reforms to the UK data protection regime to reflect DCMS’s effort to deliver on Mission 2 of the National Data Strategy. The consultation will close on November 19, 2021, and CIPL will consult with members to prepare a formal response to the consultation.
Continue Reading DCMS Consults on National Data Strategy
Data Controller
Italian Garante Publishes Updated Guidelines on Cookies and Other Tracking Technologies
Posted on
Laura Liguori of Portolano Cavallo provides highlights on the Italian Data Protection Authority’s new version of its guidelines for cookies and other tracking mechanisms.…
Continue Reading Italian Garante Publishes Updated Guidelines on Cookies and Other Tracking Technologies
Dutch DPA Fines TikTok 750,000 EUR for Transparency Violations
Posted on
On July 22, 2021, the Dutch Data Protection Authority announced that it had imposed a 725,000 EUR fine on TikTok for violating the privacy of young children, namely for the company’s alleged lack of transparency.…
Continue Reading Dutch DPA Fines TikTok 750,000 EUR for Transparency Violations
Colorado Privacy Act Signed Into Law
Posted on
Posted in U.S. State Law
On July 8, 2021, Colorado Governor Jared Polis signed SB21-190, the Colorado Privacy Act, into law, making Colorado the third state to have a comprehensive data privacy law on the books, following California and Virginia. This blog entry provides a summary of the Act.…
Continue Reading Colorado Privacy Act Signed Into Law
EDPB Releases Final Recommendations on Supplementary Measures for International Transfers
Posted on
On June 21, 2021, the European Data Protection Board published the final version of its recommendations on supplementary measures in the context of international transfer safeguards, such as Standard Contractual Clauses.…
Continue Reading EDPB Releases Final Recommendations on Supplementary Measures for International Transfers
CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop
Posted on
Posted in European Union, International
On June 15, 2021, the Court of Justice of the European Union released its judgment in case C-645/19 of Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA v. the Belgian Data Protection Authority. We provide highlights of the case in this blog entry.…
Continue Reading CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop
European Commission Publishes Final Version of Updated Standard Contractual Clauses
Posted on
Posted in European Union, International
On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation, as well as the final version of the new standard contractual clauses.…
Continue Reading European Commission Publishes Final Version of Updated Standard Contractual Clauses
EDPS Opens Investigations Following Schrems II Judgment
Posted on
Posted in European Union, Information Security
On May 27, 2021, the European Data Protection Supervisor announced that it has opened two investigations regarding (1) the use of cloud services by European Union institutions, bodies and agencies; and (2) the use of Microsoft Office 365 by the European Commission.…
Continue Reading EDPS Opens Investigations Following Schrems II Judgment
CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants
Posted on
The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on virtual voice assistants. The Guidelines were adopted on March 12, 2021 for public consultation.…
Continue Reading CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants
Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures
Posted on
On March 15, 2021, the state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine in Bavaria impermissible due to lack of compliance with Schrems II mitigation steps for the transfer of e-mail addresses to the U.S.…
Continue Reading Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures