On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of Endemol Shine (Case C‑604/22). In this case, the CJEU was called upon to assess whether oral disclosure of information could be considered as processing of personal data under the GDPR and to clarify the relationship between personal data protection and public access to documents.
Continue Reading CJEU Rules That Oral Disclosure May Be Considered as Processing of Personal Data Under the GDPR
GDPR
CJEU Rules on IAB Europe’s Transparency and Consent Framework
On March 7, 2024, the Court of Justice of the European Union issued its judgment in the case of IAB Europe (Case C‑604/22). In this judgment, the CJEU assessed the role of IAB Europe in the processing operations associated with its Transparency and Consent Framework and further developed CJEU case law on the concept of personal data under the GDPR.
Continue Reading CJEU Rules on IAB Europe’s Transparency and Consent Framework
CIPL Publishes The Zero Risk Fallacy Paper
On February 20, 2024, The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Theodore Christakis, Professor of International, European and Digital Law at University Grenoble Alpes, released a comprehensive study titled The “Zero Risk” Fallacy: International Data Transfers, Foreign Governments’ Access to Data and the Need for a Risk-Based Approach.
Continue Reading CIPL Publishes The Zero Risk Fallacy Paper
CIPL Publishes Discussion Paper on Data Protection Assessment Requirements Under U.S. State Privacy Laws
The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP recently published a discussion paper on “Comparison of US State Privacy Laws: Data Protection Assessments.” This blog entry provides a summary of the paper and a link to download a copy of the paper.
Continue Reading CIPL Publishes Discussion Paper on Data Protection Assessment Requirements Under U.S. State Privacy Laws
EDPB Adopts Opinion on the Notion of Main Establishment
On February 13, 2024, the European Data Protection Board (“EDPB”) adopted Opinion 04/2024 on the notion of the main establishment of a controller in the Union under Article 4(16)(a) of the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).Continue Reading EDPB Adopts Opinion on the Notion of Main Establishment
EDPB Publishes One-Stop-Shop Digest on Data Security and Breach Notification
On January 18, 2024, the European Data Protection Board published a thematic one-stop-shop case digest titled, “Security of Processing and Data Breach Notification.”…
Continue Reading EDPB Publishes One-Stop-Shop Digest on Data Security and Breach Notification
European Commission Reviews and Reaffirms Adequacy Decisions for 11 Jurisdictions
On January 15, 2024, the European Commission released its “report on the first review of the functioning of the Adequacy Decisions adopted pursuant to Article 25(6) of Directive 95/46/EC.”…
Continue Reading European Commission Reviews and Reaffirms Adequacy Decisions for 11 Jurisdictions
CNIL Opens Consultation on Transfer Impact Assessment Guide
On January 8, 2024, the French Data Protection Authority opened a consultation on its draft guidance for the use of transfer impact assessments. …
Continue Reading CNIL Opens Consultation on Transfer Impact Assessment Guide
CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR
On December 21, 2023, the Court of Justice of the European Union (“CJEU”) issued its judgment in the case of Krankenversicherung Nordrhein (C-667/21) in which it clarified, among other things, the rules for processing special categories of personal data (hereafter “sensitive personal data”) under Article 9 of the EU General Data Protection Regulation (“GDPR”) and the nature of the compensation owed for damages under Article 82 of the GDPR.Continue Reading CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR
ICO Publishes Response to UK Data Protection and Digital Information Bill
On December 18, 2023, the updated response from UK Information Commissioner John Edwards to the Data Protection and Digital Information (No 2) Bill was published on the UK ICO’s website.
Continue Reading ICO Publishes Response to UK Data Protection and Digital Information Bill