The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.
Continue Reading UK Case Tests the Territorial Application of the GDPR to U.S. Run Website
European Data Protection Board
EDPB Publishes Guidelines on Examples regarding Data Breach Notification
On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification. The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects. …
Continue Reading EDPB Publishes Guidelines on Examples regarding Data Breach Notification
EDPB and EDPS Adopt Joint Opinions on Draft SCCs
On January 15, 2020, the European Data Protection Board and European Data Protection Supervisor adopted joint opinions on the draft Standard Contractual Clauses released by the European Commission in November 2020, both for international transfers and for controller-processor relationships within the EEA.…
Continue Reading EDPB and EDPS Adopt Joint Opinions on Draft SCCs
CIPL Submits Response to the EDPB Guidelines 09/2020 on Relevant and Reasoned Objections under the GDPR
On November 23, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the European Data Protection Board consultation on draft guidelines on relevant and reasoned objections under the General Data Protection Regulation cooperation and consistency mechanisms. This posts provides an overview of the EDPB’s guidelines and highlights CIPL’s response.…
Continue Reading CIPL Submits Response to the EDPB Guidelines 09/2020 on Relevant and Reasoned Objections under the GDPR
EDPB Publishes Its 2021-2023 Strategy
On December 21, 2020, the European Data Protection Board released its 2021-2023 Strategy. This post reviews the four main pillars of the EDPB strategic objectives through 2023 and key actions to help achieve those objectives.…
Continue Reading EDPB Publishes Its 2021-2023 Strategy
Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism
On December 15, 2020, the Irish Data Protection Commission announced its fine of 450,000 Euros against Twitter International Company, following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the GDPR to date and is also its first against a U.S.-based organization. …
Continue Reading Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism
European Commission Publishes Draft of New Standard Contractual Clauses
On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, along with its draft set of new standard contractual clauses. This blog entry provides key takeaways on the draft decision.…
Continue Reading European Commission Publishes Draft of New Standard Contractual Clauses
EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
On November 11, 2020, the European Data Protection Board published its long-awaited recommendations following the Schrems II judgement regarding supplementary measures that may be implemented to ensure the adequate protection of personal data when transferring the data to third countries.…
Continue Reading EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR
During its 39th plenary session on October 8, 2020, the European Data Protection Board adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation. …
Continue Reading EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR
CIPL Publishes Recommendations for International Transfers Post-Schrems II
On September 24, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth released a new paper on the “Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision.”…
Continue Reading CIPL Publishes Recommendations for International Transfers Post-Schrems II