European Data Protection Board

The Belgian Council of State recently confirmed a decision of the regional Flemish Authorities to contract with an EU branch of a U.S. company using Amazon Web Services, stating that the use of U.S. cloud services in itself does not infringe on the GDPR.
Continue Reading Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers

On September 2, 2021, Ireland’s Data Protection Commission announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation.
Continue Reading Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

CIPL recently published a white paper on How the Legitimate Interest Ground for Processing for Processing Enables Responsible Data Use and Innovation, which explains the growing importance of the legitimate interests legal basis for organizations, whether for routine or more complex and innovative data processing activities.
Continue Reading CIPL Publishes White Paper on How the Legitimate Interest Ground for Processing Enables Responsible Data Use and Innovation

In an article originally published on Practical Law, Hunton Andrews Kurth partner Bridget Treacy discusses the European Commission’s long-awaited SCCs, including considerations for personal data transfers from the UK. This blog entry provides a link to download the article.
Continue Reading European Commission’s New Standard Contractual Clauses: What They Mean for UK Businesses

On June 21, 2021, the European Data Protection Board published the final version of its recommendations on supplementary measures in the context of international transfer safeguards, such as Standard Contractual Clauses.
Continue Reading EDPB Releases Final Recommendations on Supplementary Measures for International Transfers

On May 20, 2021, the Belgian Data Protection Authority announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers, the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation.
Continue Reading Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers

On May 11, 2021, the European Parliament issued a press release requesting that the European Commission amend its draft decisions on UK adequacy to more closely align with EU court rulings and the opinion of the European Data Protection Board. The request came after the Parliament’s Civil Liberties Committee passed a resolution evaluating the Commission’s approach regarding the adequacy of the UK’s data protection regime.
Continue Reading MEPs Urge European Commission to Amend Draft UK Adequacy Decision

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on virtual voice assistants. The Guidelines were adopted on March 12, 2021 for public consultation.
Continue Reading CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants

The European Data Protection Board has adopted its Opinion on the draft UK adequacy decision issued by the European Commission on February 19, 2021. The EDPB’s Opinion is non-binding but will be persuasive. The adequacy decision will be formally adopted if it is approved by the EU Member States acting through the European Council. If the adequacy decision is adopted, transfers of personal data from the EU to the UK may continue without the implementation of a data transfer mechanism under the EU General Data Protection Regulation, such as Standard Contractual Clauses.
Continue Reading EDPB Adopts Opinion on Draft UK Adequacy Decision