Tag Archives: EU Data Protection Directive

EU Commission Publishes Communication on Transatlantic Data Transfers and Confirms Objective to Establish a New Safe Harbor Framework

On November 6, 2015, the European Commission published a communication and a Q&A document addressed to the European Parliament and European Council on the transfer of personal data from the EU to the U.S. under EU Data Protection Directive 95/46/EC, following the decision by the Court of Justice of the European Union invalidating the European Commission’s Safe Harbor decision.… Continue Reading

CJEU Applies Broad Territorial Scope to EU Data Protection Law

On October 1, 2015, the Court of Justice of the European Union (the “CJEU”) issued its judgment in Weltimmo v Nemzeti (Case C-230/14). Weltimmo, a company registered and headquartered in Slovakia, runs a website that allows property owners in Hungary to advertise their properties. The CJEU stated that, in some cases, Weltimmo had failed to … Continue Reading

Article 29 Working Party Issues Opinion on Drones

On June 16, 2015, the Article 29 Working Party adopted an Opinion on Privacy and Data Protection Issues relating to the Utilization of Drones. This blog entry contains highlights of the Opinion, which provides guidance on the application of data protection rules to the manufacture and use of drones.… Continue Reading

Article 29 Working Party Clarifies Scope of Health Data Processed by Lifestyle and Wellbeing Apps

On February 5, 2015, the Article 29 Working Party published a letter that responds to a request of the European Commission to clarify the scope of health data processed by lifestyle and wellbeing apps. In the letter, the Working Party identifies the criteria to determine when personal data qualifies as "health data," and provides recommendations on the treatment of health data in the proposed EU Regulation.… Continue Reading

Centre Discusses the Risk-Based Approach to Privacy and APEC-EU Interoperability at IAPP Brussels

At the IAPP's recent Europe Data Protection Congress in Brussels, the Centre for Information Policy Leadership at Hunton & Williams led two panels on the risk-based approach to privacy as a tool for implementing existing privacy principles more effectively and on codes of conduct as a means for creating interoperability between different privacy regimes.… Continue Reading

Centre’s Risk Workshop II in Brussels Emphasizes that Risk-Based Approach to Privacy Does Not Change Legal Obligations but Helps Calibrate Their Effective Implementation

On November 18, 2014, the Centre for Information Policy Leadership at Hunton & Williams held the second workshop in its ongoing work on the risk-based approach to privacy and a Privacy Risk Framework. Approximately 70 Centre members, privacy regulators and other privacy experts met in Brussels to discuss the benefits and challenges of the risk-based approach, operationalizing risk assessments within organizations, and employing risk analysis in enforcement. … Continue Reading

Article 29 Working Party Issues Guidance on the “Legitimate Interests” Ground in the EU Data Protection Directive

On April 9, 2014, the Article 29 Working Party issued an Opinion on the "legitimate interests" ground for lawful processing of personal data. The Opinion provides detailed information on how data controllers should conduct the balancing test necessary to determine whether processing is justified on the basis of the controller’s legitimate interests.… Continue Reading

Greek Presidency Issues Notes on Proposed EU Data Protection Regulation

On January 31, 2014, the Greek Presidency of the Council of the European Union issued four notes regarding the proposed EU Data Protection Regulation. This blog post summarizes the notes which address the one-stop-shop mechanism, data portability, data protection impact assessments and prior checks, and rules applicable to data processors.… Continue Reading