The Irish Data Protection Commissioner has submitted a draft decision on Facebook Ireland Limited’s data protection compliance to other European regulators under the cooperation mechanism of the EU General Data Protection Regulation. The DPC proposed a fine for infringements of the transparency obligations under the GDPR, specifically with respect to the legal basis upon which Facebook relied.
Continue Reading Irish DPC Draft Decision Permits Facebook to Rely on Contractual Necessity for Behavioral Advertising

On September 2, 2021, Ireland’s Data Protection Commission announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation.
Continue Reading Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

The Centre for Information Policy Leadership at Hunton Andrews Kurth recently submitted its comments on the Irish Data Protection Commissioner’s consultation on its Draft Regulatory Strategy for 2021-2026, in which the DPC sets out its vision for the next five years.
Continue Reading CIPL Responds to Irish DPC Consultation on Draft Regulatory Strategy

The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its comments on the Irish Data Protection Commissioner’s draft guidance on the safeguarding of the personal data of children when providing online services.
Continue Reading CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

On December 15, 2020, the Irish Data Protection Commission announced its fine of 450,000 Euros against Twitter International Company, following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the GDPR to date and is also its first against a U.S.-based organization.
Continue Reading Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

On July 16, 2020, the Court of Justice of the European Union issued its landmark judgment in the Schrems II case, concluding that the Standard Contractual Clauses issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.
Continue Reading BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid

In one of the most important cases on global data transfers, the Court of Justice of the European Union (“CJEU”) will rule on the validity of the Standard Contractual Clauses (“SCCs”) in the Schrems II case (case C-311/18) on July 16, 2020. Invalidation of the SCCs would leave businesses scrambling to find an alternative data transfer mechanism. But there may be significant practical challenges for businesses even if the SCCs survive.

Continue Reading Webinar on Schrems II: The Practical Implications for Businesses

In a case that has garnered widespread interest, the Court of Justice of the European Union will deliver its judgement in the Schrems II case (case C-311/18) on July 16, 2020, determining the validity of the controller-to-processor Standard Contractual Clauses as a cross-border data transfer mechanism under the GDPR.
Continue Reading CJEU’s Judgment on Validity of EU Standard Contractual Clauses Due July 16, 2020