On June 17, 2021, Senator Kirsten Gillibrand (D-NY) announced the reintroduction of the Data Protection Act of 2021, which would create an independent federal agency, the Data Protection Agency, to “regulate high-risk data practices and the collection, processing, and sharing of personal data.”
Continue Reading Senator Gillibrand Announces Renewed Data Protection Act 2021
Data Protection Authority
CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop
Posted on
Posted in European Union, International
On June 15, 2021, the Court of Justice of the European Union released its judgment in case C-645/19 of Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA v. the Belgian Data Protection Authority. We provide highlights of the case in this blog entry.…
Continue Reading CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop
European Commission Publishes Final Version of Updated Standard Contractual Clauses
Posted on
Posted in European Union, International
On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation, as well as the final version of the new standard contractual clauses.…
Continue Reading European Commission Publishes Final Version of Updated Standard Contractual Clauses
CIPL Submits Comments on China’s Updated Draft Personal Information Protection Law
Posted on
The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP has submitted its response to the Standing Committee of the National People’s Congress of the People’s Republic of China on the updated version of the Draft Personal Information Protection Law.…
Continue Reading CIPL Submits Comments on China’s Updated Draft Personal Information Protection Law
Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Posted on
On May 20, 2021, the Belgian Data Protection Authority announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers, the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation.…
Continue Reading Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Dutch DPA Fines Company 525,000 EUR for Failure to Designate EU Representative
Posted on
Posted in Enforcement, European Union
The Dutch Data Protection Authority has imposed a 525,000 EUR fine on Locatefamily.com for failure to comply with the obligation imposed under Article 27 of the EU General Data Protection Regulation to appoint a representative in the EU.…
Continue Reading Dutch DPA Fines Company 525,000 EUR for Failure to Designate EU Representative
Irish High Court Permits DPC Inquiry into Facebook Transfers to Proceed
Posted on
Posted in European Union, Information Security
On May 14, 2021, the Irish High Court dismissed Facebook Ireland’s challenge to the Irish Data Protection Commissioner’s investigation into the company’s international transfers of personal data.…
Continue Reading Irish High Court Permits DPC Inquiry into Facebook Transfers to Proceed
Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs
Posted on
On May 2, 2021, the Norwegian data protection authority, Datatilsynet, notified a U.S. company of its intention to issue a fine of 25 million Norwegian Krone (approximately 2.5 million Euros). The preliminary fine was issued for failure to comply with the General Data Protection Regulation’s accountability, lawfulness and transparency requirements, primarily due to the company’s tracking of website visitors.…
Continue Reading Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs
China Publishes Draft Security Standard on Facial Recognition
Posted on
Posted in Information Security, International
The National Information Security Standardization Technical Committee of China has published a draft standard on Security Requirements of Facial Recognition Data. The Standard, which is non-mandatory, details requirements for collecting, processing, sharing and transferring data used for facial recognition.…
Continue Reading China Publishes Draft Security Standard on Facial Recognition
Portuguese DPA Orders Suspension of U.S. Data Transfers by Agency That Relied on SCCs
Posted on
On April 27, 2021, the Portuguese Data Protection Authority ordered the National Institute of Statistics to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.…
Continue Reading Portuguese DPA Orders Suspension of U.S. Data Transfers by Agency That Relied on SCCs