The European Data Protection Board recently adopted its Guidelines 3/2019 on processing of personal data through video devices. Although the Guidelines provide examples of data processing for video surveillance, these examples are not exhaustive.
Continue Reading
EU Member States
The Schrems Saga Continues: Schrems II Case Heard Before the CJEU
Posted on
Posted in European Union, International
On July 9, 2019, the hearing in the so-called Schrems II case (case C-311/18) took place at the Court of Justice of the European Union in Luxembourg. This blog entry provides highlights from the hearing, and also discusses the potential impact of the CJEU’s judgment in the case in the EU data protection landscape.…
Continue Reading
ICO Announces $124 Million Fine for Marriott International following Data Breach
Posted on
On July 9, 2019, the UK Information Commissioner’s Office announced that it intends to fine Marriott International £99,200,396 for a data breach violating the GDPR. This closely follows the £183 million fine for British Airways, announced on July 8.…
Continue Reading
ICO Announces $230 Million Fine for British Airways following Data Breach
Posted on
On July 8, 2019, the UK Information Commissioner’s Office announced that it intends to fine British Airways £183,390,000 for a data breach for violating the GDPR. This is the first fine to be announced publicly by the ICO under the GDPR.…
Continue Reading
EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services
Posted on
On April 12, 2019, the European Data Protection Board published draft guidelines 2/2019 on the processing of personal data in the context of the provision of online services to data subjects. This blog entry provides an overview of the Guidelines.…
Continue Reading
European Commission Releases Study on GDPR Data Protection Certification Mechanisms
Posted on
Posted in European Union, International
The European Commission recently issued its study on GDPR data protection certification mechanisms. The study’s objectives and key findings are outlined in this blog entry.…
Continue Reading
CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control
Posted on
On March 28, 2019, the French data protection authority published a “Model Regulation” addressing the use of biometric systems to control access to premises, devices and apps at work.…
Continue Reading
EU Parliament Approves the Proposal for Cybersecurity Act
Posted on
On March 12, 2019, the European Parliament approved the proposal for “Regulation of the European Parliament and of the Council on ENISA,” repealing Regulation (EU) No 526/2013 and an information and communications technology cybersecurity certification.…
Continue Reading
EDPB Issues Statement on U.S. Foreign Account Tax Compliance Act
Posted on
On February 25, 2019, the European Data Protection Board issued a statement regarding the transfer of personal data from Europe to the U.S. Internal Revenue Service for purposes of the U.S. Foreign Account Tax Compliance Act.…
Continue Reading
EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs
Posted on
At its plenary meeting today in Brussels, the European Data Protection Board adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.…
Continue Reading