The French Data Protection Authority recently published its Annual Activity Report for 2021.
Continue Reading CNIL Unveils 2021 Annual Activity Report
European Data Protection Board
EDPB Adopts Statement on the Announcement of an Enhanced EU-U.S. Privacy Shield
On March 7, 2022, the European Data Protection Board released a statement on the announcement of a new Trans-Atlantic Data Privacy Framework.
Continue Reading EDPB Adopts Statement on the Announcement of an Enhanced EU-U.S. Privacy Shield
EDPB Adopts Guidelines on Codes of Conduct as Tools for Transfers
On February 22, 2022, the European Data Protection Board adopted its final Guidelines 04/2021 on Codes of Conduct as tools for transfers, following a public consultation that took place in 2021.
Continue Reading EDPB Adopts Guidelines on Codes of Conduct as Tools for Transfers
French CNIL Releases 2022 Enforcement Priorities
On February 15, 2022, the French Data Protection Authority published its enforcement priority topics for 2022, which focused on direct marketing, monitoring teleworking employees and cloud computing. …
Continue Reading French CNIL Releases 2022 Enforcement Priorities
French CNIL Rules EU-U.S. Data Transfers Through the Use of Analytics Cookie to be Unlawful
On February 10, 2022, the French Data Protection Authority ruled that transfers of personal data from the EU to the U.S. through the use of an analytics cookie to be unlawful.
Continue Reading French CNIL Rules EU-U.S. Data Transfers Through the Use of Analytics Cookie to be Unlawful
Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements
The Austrian data protection authority recently published a decision finding that the use of Google Analytics cookies violates both Chapter V of the GDPR, which establishes the rules on international data transfers, and the Schrems II judgment of the Court of Justice of the European Union.
Continue Reading Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements
European Commission Defends Irish Data Protection Commissioner
In a letter addressed to certain members of the European Parliament, European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner. This blog entry provides highlights on the Commissioner’s response. …
Continue Reading European Commission Defends Irish Data Protection Commissioner
The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR
On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR
EDPB Releases Statement on the Digital Services Package and Data Strategy; Calls for Ban on Targeted Ads
On November 18, 2021, the European Data Protection Board released a statement on the Digital Services Package and Data Strategy. The Digital Services Package and Data Strategy is composed of several legislative proposals that aim to facilitate the further use and sharing of personal data between more public and private parties; support the use of specific technologies, such as Big Data and artificial intelligence; and regulate online platforms and gatekeepers.
Continue Reading EDPB Releases Statement on the Digital Services Package and Data Strategy; Calls for Ban on Targeted Ads
Belgian DPA Expected to Rule that IAB Europe’s Cookie Consent Framework Violates the GDPR
On November 5, 2021, IAB Europe announced that, in the coming weeks, the Belgian Data Protection Authority plans to share with other data protection authorities a draft ruling on the IAB EU Transparency & Consent Framework. …
Continue Reading Belgian DPA Expected to Rule that IAB Europe’s Cookie Consent Framework Violates the GDPR