On September 24, 2019, the Court of Justice of the European Union released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data.
Continue Reading
EU Member States
EDPB Adopts Guidelines on Data Processing Through Video Devices
Posted on
Posted in European Union, International
The European Data Protection Board recently adopted its Guidelines 3/2019 on processing of personal data through video devices. Although the Guidelines provide examples of data processing for video surveillance, these examples are not exhaustive.…
Continue Reading
The Schrems Saga Continues: Schrems II Case Heard Before the CJEU
Posted on
Posted in European Union, International
On July 9, 2019, the hearing in the so-called Schrems II case (case C-311/18) took place at the Court of Justice of the European Union in Luxembourg. This blog entry provides highlights from the hearing, and also discusses the potential impact of the CJEU’s judgment in the case in the EU data protection landscape.…
Continue Reading
ICO Announces $124 Million Fine for Marriott International following Data Breach
Posted on
On July 9, 2019, the UK Information Commissioner’s Office announced that it intends to fine Marriott International £99,200,396 for a data breach violating the GDPR. This closely follows the £183 million fine for British Airways, announced on July 8.…
Continue Reading
ICO Announces $230 Million Fine for British Airways following Data Breach
Posted on
On July 8, 2019, the UK Information Commissioner’s Office announced that it intends to fine British Airways £183,390,000 for a data breach for violating the GDPR. This is the first fine to be announced publicly by the ICO under the GDPR.…
Continue Reading
EDPB Adopts Guidelines on Codes of Conduct and Monitoring Bodies
Posted on
Posted in European Union, International
The European Data Protection Board recently adopted its Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679. This blog entry provides an overview of the Guidelines.…
Continue Reading
ICO Reflects on a Year of GDPR
Posted on
The UK Information Commissioner’s Office recently published its reflections on the year that has passed since the implementation of the EU General Data Protection Regulation, together with a blog post by Elizabeth Denham, the UK Information Commissioner. …
Continue Reading
EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services
Posted on
On April 12, 2019, the European Data Protection Board published draft guidelines 2/2019 on the processing of personal data in the context of the provision of online services to data subjects. This blog entry provides an overview of the Guidelines.…
Continue Reading
European Commission Releases Study on GDPR Data Protection Certification Mechanisms
Posted on
Posted in European Union, International
The European Commission recently issued its study on GDPR data protection certification mechanisms. The study’s objectives and key findings are outlined in this blog entry.…
Continue Reading
CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control
Posted on
On March 28, 2019, the French data protection authority published a “Model Regulation” addressing the use of biometric systems to control access to premises, devices and apps at work.…
Continue Reading