EU Regulation
European Commission Adopts Adequacy Decision for EU-US Data Privacy Framework
On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (Framework). The adequacy decision concludes the long process to open up new means by which companies transfer personal data from the European Economic Area (EEA) to the United States.
The Framework will be administered by the US Department…
The Cost of a Click: Microsoft fined 60 Million Euros by French Privacy Watchdog for French Data Protection Act Violations
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the “Loi Informatique et Libertés”). Article 82 is France’s implementation of the EU’s ePrivacy Directive, and it generally requires that any…
European Court Puts the Brakes on AML Directive: Public Access to Beneficial Ownership Database Violates European Privacy Laws
Ruling Could Influence FinCEN in Forthcoming Regulations Under the CTA
On November 22nd, an appeals court in Luxembourg issued a decision that highlights the tensions between anti-money laundering (“AML”) goals and privacy concerns, and could impact impending beneficial ownership regulations to be issued under the U.S. Corporate Transparency Act (“CTA”). Specifically, the appeals court decided…
The European Commission’s Adoption of New SCCs
On June 4, 2021, the European Commission adopted an updated and long-awaited set of standard contractual clauses (SCCs) for the international transfer of personal data. The previous SCCs were created prior to the implementation of the EU General Data Protection Regulation (GDPR) and required substantive revisions to bring them in line with the GDPR and the Court of Justice of the European Union’s July 2020 Schrems II decision (previously covered here).
Continue Reading The European Commission’s Adoption of New SCCs
Privacy Shield Invalidated by the European Court of Justice
On July 16, 2020, the European Court of Justice (Court) ruled in the “Schrems II” case that the one of the most commonly used cross border data transfer mechanisms between the European Union (EU) and the United States (US), the EU-US Privacy Shield Framework (Privacy Shield), has been invalidated. The Court reasoned that when transferring…
Making Sense of EU Cookie Law in the Wake of CJEU’s Planet49 Ruling
The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still remain. A main source of confusion about cookies is the interplay between two EU privacy laws, the…
Cookie Audit from Bavarian Data Protection Authority May Serve As GDPR Warning
Following numerous privacy complaints, the State Office for Data Protection Supervision (BayLDA) recently conducted a random audit on 40 companies and found widespread problems with their cookie disclosures. The purpose of the audit was to determine whether website users were able to obtain transparent information regarding the use and tracking of their information by third-party…
The Differing US and EU Regulatory Responses to the Rise in Algorithmic Profiling
The online world is increasingly shaped by forces beyond our control. Algorithmic processing agents are used by a wide range of web publishers, online retailers and social media companies to determine the kinds of stories that are feature to online readers, the advertisements that are targeted to online shoppers, and the search results they see,…
Using the GDPR to Comply with the California Consumer Privacy Act
Just as many US businesses were scrambling to meet GDPR compliance, California quickly passed a broad new privacy act, giving businesses another privacy compliance headache. We’ve previously blogged on the dramatic history behind the eleventh-hour passage of the California Consumer Privacy Act (CCPA), so we won’t rehash that story here. Instead, the focus of this post will be on the overlap between the CCPA and the GDPR.
Continue Reading Using the GDPR to Comply with the California Consumer Privacy Act