Archives: EU

Subscribe to EU RSS Feed

GDPR’s Impact on Advertising Practices

The GDPR has impacted how organizations in many industries, including advertising, operate. For example, the Committee of Advertising Practice, which authors the UK Code of Non-broadcast Advertising and Direct & Promotional Marketing “CAP Code”, is in the process of updating its prize promotion rules to comply with the stricter requirements under the GDPR, primarily as … Continue Reading

EDPB Tries to Sort Out the DPIA Disaccord

Article 35(4) of the EU General Data Protection Regulation (“GDPR”) states that the supervisory authorities of the EU Member States (“SAs”) shall establish, publish and communicate to the European Data Protection Board (“EDPB”) a list of processing operations that are subject to a requirement for a data protection impact assessment (“DPIA”) under the GDPR.… Continue Reading

Procedure Launched for Japan and the European Union to Become the World’s Largest Area of Safe Data Transfers

What’s New? On 5 September 2018, the EU Commission commenced proceedings to adopt an Adequacy Decision in relation to Japan’s protection of personal data by issuing a draft ‘Commission Implementing Decision’. This is an important step towards the culmination of discussions between the EU and Japan that were initiated in January 2017, with the aim … Continue Reading

GDPR is Now EEA Wide!

The General Data Protection Regulation (GDPR) was incorporated into the EEA Agreement by the EEA Joint Committee in Brussels and entered into force in mid-July.  The European Economic Area (EEA) currently includes all EU Member States, including, for the time being, the UK, as well as the three out of four EFTA States meaning Iceland, Liechtenstein and … Continue Reading

GDPR – What Are You Doing About Compliance?

The final countdown has started, there are a few days left before GDPR takes effect on Friday 25 May 2018. What are you doing about compliance?   If you need assistance, in the EU or outside the EU, for your GDPR compliance program do not hesitate to contact a member of our global Data Protection … Continue Reading

Clarifying Lawful Overseas Use of Data – The Cloud Act

In Part 1 of an upcoming series of posts on our sister Anticorruption Blog, DC-based associate Ericka Johnson explores the recently proposed CLOUD Act and the increasing gap between technology and the law. Of special interest to our readers, The CLOUD Act updates standards for when governments may be able to obtain information stored outside … Continue Reading

The GDPR’s Impact on CCTV and Workplace Surveillance

What is CCTV? CCTV means closed-circuit television, also known as video surveillance. Video surveillance systems monitors the behavior, activities, or other changing information, usually, of people from a distance by means of electronic equipment. Video surveillance can include anything from closed circuit television or automatic number-plate recognition systems, to any other system for recording, storing, … Continue Reading

How to Find Official Guidance on the EU General Data Protection Regulation (GDPR)

Happy New Year!  With 2018 off to a rapid start, companies now have fewer than five months to become GDPR-compliant. Although the basic principles and obligations enshrined in the GDPR are not new, the GDPR contains a complex, interlinked series of requirements whose practical application to real world situations is often very unclear.  The Article … Continue Reading

WP29 Publishes Draft Guidelines on Consent

On 12 December 2017, Article 29 Working Party (WP29) published its long-awaited draft guidelines on consent under the GDPR. The guidelines build on WP29’s ‘Opinion on the definition of consent’, adopted in July 2011. As with the draft guidance on transparency, published the same day, WP29 invites comments to be submitted by 23 January 2018. … Continue Reading

Proposed e-Privacy Regulation in Trilogue Phase Making May 2018 Enforcement Unlikely

Nearly a year ago, on 10 January 2017, the EU Commission released the proposed ePrivacy Regulation (ePR). The three main areas covered by the legislation are the use of electronic communications data by telecommunications operators and other specified entities, the use of tracking applications, and unsolicited direct marketing communications. The ePR aims to ensure a … Continue Reading

List of DPOs Appointed by the EU Institutions and Bodies Published

To allow Data Protection Officers (“DPOs”) to interact with one another and share best practices, the European Data Protection Supervisor (“EDPS”) has published a list of DPOs currently appointed by EU agencies. This list identified notably the DPOs for the EDPS as well as the European Court of Justice. The publication of this information not … Continue Reading

A New French Scientific Committee For Cybersecurity of Medical Device Software

The French  National Agency for Safety of Medicines and Health Products (Agence nationale de sécurité du médicament et des produits de santé or ANSM) has announced on its website in October 2017 the  creation of a  “temporary specialized scientific committee” (comité scientifique spécialisé temporaire CSST) on the cybersecurity of medical device software.… Continue Reading

Breakfast Briefing – Cybersecurity Readiness and Effective Breach Response

The EU General Data Protection Regulation (GDPR) increases organizations’ obligations to a new level and also adopts, for the first time, specific breach notification guidelines. Cybersecurity readiness and effective responses are no longer the exclusive domain of IT departments -these are now board-level concerns.  Regardless of industry sector, size or commercial focus, companies not only … Continue Reading

WP 29 Publishes Guidelines on Personal Data Breach Notification Under Regulation 2016/679 “WP250”

The G29 is continuing its work to clarify GDPR with a view to its implementation in May 2018. The subject of personal data breach notification is not entirely new, as the reporting obligation, which will soon apply to all, already exists for communication service providers. However, these guidelines reiterate or provide more detailed information about … Continue Reading

WP 29 publishes Guidelines on Automated Individual Decision-Making and Profiling “WP251”

The Article 29 Working Party, the group of EU data protection authorities charged with agreeing European-wide guidance on GDPR, has published Guidelines on the Automated Individual Decision-Making and Profiling “WP251”. While the introduction of the concept of “profiling” in the GDPR is relatively new, it is not the case for automated individual decision-making, which is … Continue Reading

Privacy Shield: First Annual Review Report Published

On 18 October 2017, the European Commission (“Commission”) published its first annual report on the functioning of the US-EU Privacy Shield (“the Report”), the successor to the Safe Harbor framework after its invalidation in Schrems. The Report will be widely welcomed by businesses on both sides of the Atlantic as the Commission continues to back … Continue Reading
LexBlog