The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on virtual voice assistants. The Guidelines were adopted on March 12, 2021 for public consultation.
Continue Reading CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants

On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.
Continue Reading EDPB Releases Guidelines on Virtual Voice Assistants

On February 10, 2021, representatives of the EU Member States reached an agreement on the Council of the European Union’s negotiating mandate for the draft ePrivacy Regulation, which will replace the current ePrivacy Directive. The text approved by the EU Member States was prepared under Portugal’s Presidency and will form the basis of the Council’s negotiations with the European Parliament on the final terms of the ePrivacy Regulation.
Continue Reading EU Member States Agree on Council’s Text for the ePrivacy Regulation

On December 10, 2020, the French Data Protection Authority announced that it has levied fines on Google LLC, Google Ireland Limited and Amazon Europe Core for alleged violations of the French cookie rules. This post examines the French cookie rules, CNIL’s territorial jurisdiction, the investigations and the sanctions levied against each company.
Continue Reading CNIL Fines Google and Amazon 135 Million Euros for Alleged Cookie Violations

On November 26, 2020, the Conference of the German Data Protection Authorities issued a press release with conclusions from their 100th anniversary meeting. The key issues discussed were the implications of Schrems II on German privacy and cybersecurity.
Continue Reading Takeaways from 100th Anniversary Meeting of German Data Protection Authorities

On October 6, 2020, the Court of Justice of the European Union handed down Grand Chamber judgments determining that the ePrivacy Directive does not allow for EU Member States to adopt legislation intended to restrict the scope of its confidentiality obligations unless they comply with the general principles of EU law.
Continue Reading CJEU Restricts Indiscriminate Access to Electronic Communications for National Security Purposes

On July 30, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a €20,000 fine on Belgian telecommunications provider Proximus N.V. (“Proximus”) for several data protection infringements related to Proximus’ public directory. In particular, the claimant requested that Proximus remove his contact details from the public directory and inform other publishers of public directories not to publish his personal data. Despite informing the claimant that it was going to proceed accordingly, Proximus still published his personal data in its public directory and shared it with other publishers of public directories.

Continue Reading Belgian DPA Fines Belgian Telecommunications Provider for Several Data Protection Infringements