The Centre for Information Policy Leadership at Hunton Andrews Kurth published a paper on the Draft ePrivacy Regulation, in the context of the Trilogue Discussions between the EU Commission, EU Council and EU Parliament.
Continue Reading CIPL Publishes Paper on the Draft ePrivacy Regulation to Inform Current Trilogue Discussions

The Irish Data Protection Commissioner has submitted a draft decision on Facebook Ireland Limited’s data protection compliance to other European regulators under the cooperation mechanism of the EU General Data Protection Regulation. The DPC proposed a fine for infringements of the transparency obligations under the GDPR, specifically with respect to the legal basis upon which Facebook relied.
Continue Reading Irish DPC Draft Decision Permits Facebook to Rely on Contractual Necessity for Behavioral Advertising

On September 27, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth published a white paper on the “GDPR Enforcement Cooperation and the One-Stop-Shop – Learning from the First Three Years.”
Continue Reading CIPL Publishes White Paper on GDPR Enforcement Cooperation and the One-Stop-Shop

On September 27, 2021, the European Data Protection Board announced that it had adopted an Opinion on the European Commission’s draft adequacy decision for the Republic of Korea. In the Opinion, the EDPB concluded that there are key areas of alignment between the EU and Korean data protection frameworks.
Continue Reading EDPB Adopts Opinion on Draft South Korea Adequacy Decision

On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport launched a consultation on its proposed reforms to the UK data protection regime to reflect DCMS’s effort to deliver on Mission 2 of the National Data Strategy. The consultation will close on November 19, 2021, and CIPL will consult with members to prepare a formal response to the consultation.
Continue Reading DCMS Consults on National Data Strategy

The Belgian Council of State recently confirmed a decision of the regional Flemish Authorities to contract with an EU branch of a U.S. company using Amazon Web Services, stating that the use of U.S. cloud services in itself does not infringe on the GDPR.
Continue Reading Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers

On August 27, 2021, the Federal Data Protection and Information Commissioner announced that the new EU Standard Contractual Clauses may be relied on to legitimize transfers of personal data from Switzerland to countries without an adequate level of data protection, provided that the necessary amendments and adaptations are made for use under Swiss data protection law.
Continue Reading Swiss DPA Recognizes the New EU Standard Contractual Clauses

On September 2, 2021, Ireland’s Data Protection Commission announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation.
Continue Reading Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

On August 26, 2021, the UK Department of Culture, Media and Sport made news by publishing a document indicating its intent to begin making adequacy decisions for UK data transfers to foreign jurisdictions and by announcing its preferred candidate for the position of new UK Information Commissioner.
Continue Reading UK DCMS Identifies Priority Jurisdictions for UK Adequacy Recognition and Proposes New UK Information Commissioner