Search

To establish common rules on data protection and to help implement the Digital Single Market Strategy, the European Union set forth two instruments to reform the 1995 data protection rules (see here): the General Data Protection Regulation (“GDPR”) the Data Protection Directive to ensure cross-border cooperation and protect personal data in the police and criminal […]

To establish common rules on data protection and to help implement the Digital Single Market Strategy, the European Union set forth two instruments to reform the 1995 data protection rules (see here): the Gen eral Data Protection Regulation (“GDPR”) the Data Protection Directive to ensure cross-border cooperation and protect personal data in the police and […]

On February 2, 2016, Article 29 Working Party (WP29) released a statement containing “the 2016 action plan for the implementation of the General Data Protection Regulation (GDPR)” that will guide the implementation of the General Data Protection Regulation (GDPR). The document particularly offers guidance on the transition toward the European Data Protection Board (EDPB). In the GDPR, DPAs […]

  On July 16, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), opened a consultation on a data sharing code of practice. The consultation closes on September 9, 2019. The data sharing code is a practical guide for controllers sharing personal data. It gives guidance on the applicable law and provides good […]

    On December 28, 2018, Google won summary judgment in a class action alleging that the company handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA). According to the District Court, “plaintiffs have not suffered an injury sufficient to establish Article III standing and their claims are dismissed.” In a (putative) class […]

  A German subsidiary of H&M was fined over €35 million ($41.3 million) for violation of the GDPR in the use of its employees’ data. It was found that since 2014, H&M had been processing a considerable amount of data about its employees’ persona life (such as holiday experiences, family issues, religious beliefs, and illness […]

On 28 April 2020, the Belgian DPA sanction Proximus SA (previously Belgacom) for €50,000 on two basis:  non-cooperation under Article 31 of the GDPR and violation of Article 38(6) of the GDPR by appointing as DPO the director of one of its departments (Head of Compliance, Risk and Audit). The problem with the latter was conflict […]

On January 31, 2020 the EDPS published Revised Guidelines on personal data and electronic communications in the EU institutions (eCommunications guidelines). Recognizing that for “most people, electronic communications (eCommunications) such as email, internet and telephony, occupy a central role in their day-to-day professional and personal activities” and that “eCommunications are essential for organisations to operate […]

On December 19, 2019, ECJ’s Advocate General (“AG”)Saugmandsgaard Øe delivered his opinion in case Case C‑311/18. In particular, the AG notes that the request for a preliminary ruling submitted by the High Court of Ireland (‘the High Court’) relates to one of the forms that the “appropriate safeguards” may take: a contract between the exporter and the importer […]

On 24 September 2019 the Court of Justice of the European Union (ECJ) issued two decisions  concerning Google: Cases C-507/17 (Google v CNIL) and C-136/17 (GC v CNIL) . See comments to Case C-507/17 here. Apparently, both decisions are a success for Google. Not a complete success in Case C-507/17, however. And not a complete success […]