On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR).
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
Data Processor
Irish Data Protection Commission Fines Meta €265 Million for Privacy Violations
Posted on
On November 25, 2022, Ireland’s Data Protection Commission released a decision fining Meta Platforms, Inc. €265 million for a 2019 data leak involving the personal information of approximately 533 million Facebook users worldwide.
Continue Reading Irish Data Protection Commission Fines Meta €265 Million for Privacy Violations
India Releases Fourth Draft of Data Protection Bill
Posted on
Posted in International
Kochhar & Co. reports that, on November 18, 2022, the Government of India released the long-awaited fourth draft of India’s proposed privacy law, now renamed the Digital Personal Data Protection Bill. …
Continue Reading India Releases Fourth Draft of Data Protection Bill
EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR
Posted on
Posted in European Union, International
The European Data Protection Board recently adopted Guidelines 04/2022 on the calculation of administrative fines under the GDPR. This blog entry provides a summary of the Guidelines. …
Continue Reading EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR
Thailand’s Personal Data Protection Act Enters into Force
Posted on
On June 1, 2022, Thailand’s Personal Data Protection Act entered into force after three years of delays.
Continue Reading Thailand’s Personal Data Protection Act Enters into Force
CPPA Holding Public Pre-Rulemaking Meetings on the CPRA on March 29 and March 30
Posted on
On March 29 and 30, 2022, the California Privacy Protection Agency will hold public pre-rulemaking informational sessions regarding the California Privacy Rights Act via video conference.
Continue Reading CPPA Holding Public Pre-Rulemaking Meetings on the CPRA on March 29 and March 30
EDPB Adopts Guidelines on Codes of Conduct as Tools for Transfers
Posted on
Posted in European Union, International
On February 22, 2022, the European Data Protection Board adopted its final Guidelines 04/2021 on Codes of Conduct as tools for transfers, following a public consultation that took place in 2021.
Continue Reading EDPB Adopts Guidelines on Codes of Conduct as Tools for Transfers
China Releases Draft Regulations on Network Data Security Management
Posted on
The Cyberspace Administration of China released for public comment the draft Regulations on Network Data Security Management. The Draft Regulations are intended to implement portions of three existing laws: the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. In this blog entry, we discuss several of the key areas addressed by the Draft Regulations.
Continue Reading China Releases Draft Regulations on Network Data Security Management
CNIL Published Guidelines on Re-Use of Personal Data by Data Processors
Posted on
Posted in European Union, International
The CNIL recently published guidelines on the re-use of personal data by data processors for their own purposes (such as product improvement or development of new products and services) under the GDPR. We have outlined key takeaways from the Guidelines in this blog post.
Continue Reading CNIL Published Guidelines on Re-Use of Personal Data by Data Processors
The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR
Posted on
Posted in European Union, International
On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR