Author Archives: Jon Filipek

Jon Filipek
Jon Filipek is a counsel in the Brussels office, working in the firm’s Privacy & Data Security Group. Jon’s practice focuses on European Union regulatory law, with a particular emphasis on EU data protection and privacy compliance.  Read More

Italy Imposes Record Data Protection Fines

Written by
On March 10, Italy’s data protection authority, Il Garante per la protezione dei dati personali (the “Garante”), announced that it had ordered fines totaling more than €11 million on five companies operating in the money transfers sector for breach of Italian data protection law.   The sanctions have been described as the largest privacy fines ever imposed in the European Union. The Garante’s review grew out of an investigation by the Guardia di Financia, Italy’s financial police, of potential money-laundering violations by UK-based Sigue Global Service Limited (“Sigue”) and [...] Read more

Article 29 Working Party Identifies GDPR Implementation Priorities for 2017

Written by
In a press release published on January 16, 2017, the Article 29 Working Party (“WP 29”) has outlined its strategy for 2017 on implementation of the General Data Protection Regulation (“GDPR”). WP29’s “2017 GDPR Action Plan” identifies the following priorities, objectives, deliverables and activities for the coming year: 2016 Follow-Up.  WP29 will finalize work commenced in 2016 on: (i) data protection certification mechanisms; (ii) processing activities likely to result in “high risk” processing and Data Protection Impact  Assessments; (iii) administrative fines; (iv) [...] Read more

EU-U.S. Privacy Shield Faces Judicial Attack

Written by
The EU-U.S. Privacy Shield (“Privacy Shield”) is already under challenge before the European courts, after having been approved only some months ago by the European Commission (“EU Commission”). The European courts’ website records that an action for annulment has been brought by Digital Rights Ireland, the privacy and digital rights advocacy organization, before the General Court of the European Union.  A spokesperson for the court has confirmed that Digital Rights Ireland’s application seeks annulment of the EU Commission’s July 12, 2016 Privacy Shield decision, which found [...] Read more

EU-US Privacy Shield – FAQs

Written by , and
Today, the European Commission (“EU Commission”) formally approved a new transatlantic framework for the transfer of personal data from Europe to the United States (“U.S.”) (the “Privacy Shield”). Under the EU Commission’s decision approving the new framework ( the “Adequacy Decision”), U.S. organizations participating in the Privacy Shield will be deemed to ensure an “adequate level of protection” for the transfers of personal data from Europe to the U.S.. The Privacy Shield is the result of extensive negotiations between the EU Commission and the U.S. Department of Commerce [...] Read more

UK Regulator Elaborates Plans for Extensive Guidance on GDPR Compliance

Written by
The UK Information Commissioner’s Office (“ICO”) has provided details on its plans to provide guidance to organizations on compliance with the European Union’s General Data Protection Regulation (“GDPR”), which will apply EU-wide as from 25 May 2018. The ICO’s work plan involves three overlapping “phases.” Over the next six months, priority outputs will include ICO guidance on the following items: GDPR Overview Individuals’ rights Contracts Consent Privacy notices code of practice During this time-frame, the ICO will also contribute to European level guidance [...] Read more

GDPR Published Today, Commencing Two-Year Countdown to Application

Written by and
One of the most important EU legislative initiatives in recent years, and a landmark in privacy regulation worldwide, the GDPR is set to replace the Data Protection Directive (95/46/EC) of 1995.  After the Council of Ministers accelerated the voting timetable for GDPR passage and the Parliament approved the GDPR in an up-or-down vote, all eyes were on the GDPR’s publication to begin setting compliance timetables. Today, the final and as-approved version of the GDPR was published in the EU’s Official Journal.  The Official Journal version of the GDPR can be downloaded here. With that, [...] Read more

Turkey’s New Data Protection Law

Written by and
Turkey’s new “Law on the Protection of Personal Data” has entered into effect following passage by the Turkish Parliament in late March and official publication last week.  The Data Protection Law adopts a broadly European model for data protection and helps clarify key aspects of the regulation of personal data under Turkish law. This blog post examines the law and highlights certain important provisions. Scope The Data Protection Law applies to the “personal data” of natural persons where that personal data is processed “wholly or partly by automatic means,” and to non-automatic [...] Read more

European Commission Debuts EU-U.S. Privacy Shield

Written by
In a development eagerly anticipated by businesses on both sides of the Atlantic, the European Commission has published the legal instruments needed to put in place the “EU-U.S. Privacy Shield” for transfers of personal data from Europe to the United States.  The issued documents include a draft adequacy decision by the Commission finding that the Privacy Shield provides an adequate level of protection for data transferred under the arrangement and a series of annexes that set out the applicable details and procedures as well as commitments undertaken by the U.S. government to ensure the Privacy [...] Read more

Article 29 Working Party announces its 2016 Action Plan for GDPR Preparedness

Written by and
During a press conference held on February 3, 2016, the President of the Article 29 Working Party (“Working Party”) discussed the Working Party’s 2016 action plan concerning the new General Data Protection Regulation (“GDPR”). The action plan lays out the groundwork required to prepare the DPAs for their new role under the GDPR and to ensure a smooth transition as the Working Party, established under the Data Protection Directive, is superseded by the European Data Protection Board (“EDPB”). The EDPB will be tasked mainly with ensuring a coordinated and consistent application of the [...] Read more

The EU General Data Protection Regulation – Europe Adopts Single Set of Privacy Rules

Written by and
On December 15, 2015, following four years of close, sometimes contentious, review, the EU institutions agreed upon the text of the General Data Protection Regulation (the “GDPR”).  One of the most important EU legislative initiatives in recent years, the GDPR is also a landmark in privacy regulation worldwide. As from the time the GDPR takes effect – most likely in early 2018 – data protection regulation for most of Europe will largely proceed from a single set of rules. The GDPR will replace the Data Protection Directive (95/46/EC) (the “Directive”), adopted in 1995, which was [...] Read more