On December 15, 2020, the Irish Data Protection Commission announced its fine of 450,000 Euros against Twitter International Company, following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the GDPR to date and is also its first against a U.S.-based organization.
Continue Reading Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism
European Data Protection Board
European Commission Publishes Draft of New Standard Contractual Clauses
On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, along with its draft set of new standard contractual clauses. This blog entry provides key takeaways on the draft decision.…
Continue Reading European Commission Publishes Draft of New Standard Contractual Clauses
EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
On November 11, 2020, the European Data Protection Board published its long-awaited recommendations following the Schrems II judgement regarding supplementary measures that may be implemented to ensure the adequate protection of personal data when transferring the data to third countries.…
Continue Reading EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR
During its 39th plenary session on October 8, 2020, the European Data Protection Board adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation. …
Continue Reading EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR
CIPL Publishes Recommendations for International Transfers Post-Schrems II
On September 24, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth released a new paper on the “Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision.”…
Continue Reading CIPL Publishes Recommendations for International Transfers Post-Schrems II
EDPB Published Guidelines on the Targeting of Social Media Users
The European Data Protection Board recently published Guidelines on the Targeting of Social Media Users, which aim to provide practical guidance on the role and responsibilities of social media providers and those using targeting services.…
Continue Reading EDPB Published Guidelines on the Targeting of Social Media Users
EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR
On September 7, 2020, the European Data Protection Board released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation. We provide a summary of the key takeaways from the guidelines. …
Continue Reading EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR
EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision
On September 4, 2020, the European Data Protection Board announced that it established two taskforces following the judgment of the CJEU in the Schrems II case. …
Continue Reading EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision
European Parliament Meeting on Future of EU-U.S. Data Flows
On September 3, 2020, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament held a meeting to discuss the future of EU-U.S. data flows following the Schrems II judgment of the Court of Justice of the European Union.…
Continue Reading European Parliament Meeting on Future of EU-U.S. Data Flows
Dutch “Data Pro Code” Approved
On August 27, 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) announced it approved the “Data Pro Code,” a code of conduct drafted by industry association NLdigital (the “Code”). This Code is the first code of conduct approved by the Dutch DPA under the EU General Data Protection Regulation (the “GDPR”). Adhering to the Code will help organizations active in the Information and Communications Technology sector comply with their obligations under the GDPR. The Code includes, among other things, a series of practical GDPR compliance tools, such as the “Data Pro Statement” that companies may use to inform potential customers of the data protection safeguards they have in place.
…
Continue Reading Dutch “Data Pro Code” Approved