On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification. The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.
Continue Reading EDPB Publishes Guidelines on Examples regarding Data Breach Notification

On January 15, 2020, the European Data Protection Board and European Data Protection Supervisor adopted joint opinions on the draft Standard Contractual Clauses released by the European Commission in November 2020, both for international transfers and for controller-processor relationships within the EEA.
Continue Reading EDPB and EDPS Adopt Joint Opinions on Draft SCCs

On November 23, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the European Data Protection Board consultation on draft guidelines on relevant and reasoned objections under the General Data Protection Regulation cooperation and consistency mechanisms. This posts provides an overview of the EDPB’s guidelines and highlights CIPL’s response.
Continue Reading CIPL Submits Response to the EDPB Guidelines 09/2020 on Relevant and Reasoned Objections under the GDPR

On December 15, 2020, the Irish Data Protection Commission announced its fine of 450,000 Euros against Twitter International Company, following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the GDPR to date and is also its first against a U.S.-based organization.
Continue Reading Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

On December 10, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing decision on SCCs to be used for the transfer of personal data from a controller or processor subject to the GDPR to a controller or processor not subject to the GDPR.
Continue Reading CIPL Submits Response to European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to the GDPR

On November 6, 2020, Hunton attorneys Dora Luo and Yanchen Wang published a new Guidance Note for OneTrust DataGuidance on China’s data protection laws. The Guidance Note examines recent changes to China’s emerging cybersecurity and personal information protection framework.
Continue Reading Hunton Attorneys Publish Guidance Note on Changes to China’s Data Protection Laws

On December 10, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing decision on standard contractual clauses between controllers and processors for purposes of Article 28 of the GDPR.
Continue Reading CIPL Submits Response to European Commission’s Article 28 Standard Contractual Clauses

On December 10, 2020, the French Data Protection Authority announced that it has levied fines on Google LLC, Google Ireland Limited and Amazon Europe Core for alleged violations of the French cookie rules. This post examines the French cookie rules, CNIL’s territorial jurisdiction, the investigations and the sanctions levied against each company.
Continue Reading CNIL Fines Google and Amazon 135 Million Euros for Alleged Cookie Violations