Board Governance & Cyber Risk Management

Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK

January 6, 2021 By Paul Greaves and Wim Nauwelaerts

On December 24, 2020, the EU and the UK reached an agreement on the terms of their future cooperation following the end of the Brexit Transition Period (i.e., following 31 December 2020). The EU-UK Trade and Cooperation Agreement (the ‘Agreement’) contains a temporary solution for companies transferring personal data from the EEA to the UK, […]

SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations

December 17, 2020 By Kim Peretti and Privacy, Cyber & Data Strategy Team

On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the […]

French data protection regulator fines Google and Amazon for non-compliance with EU cookie rules

December 14, 2020 By Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

On 7 December 2020, the French supervisory authority CNIL (Commission nationale de l’informatique et des libertés, French data protection authority) imposed substantive fines on Amazon and Google for allegedly placing advertising cookies on the computers of users in France without prior consent or providing adequate information. Amazon Europe Core was fined 35 million euros, and […]

California AG Proposes Regulatory Changes to CCPA

December 10, 2020 By Privacy, Cyber & Data Strategy Team

Today, the California Attorney General’s office provided “Notice of Fourth Set of Modifications” to regulations under the California Consumer Privacy Act. The new proposed regulatory text would modify the current regulations which took effect in August. The latest proposal responds to comments on a prior draft and primarily addresses the presentation of the right to […]

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

November 18, 2020 By Paul Greaves, Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors (‘Clauses’) for the matters referred to in Article 28(3) and (4) of Regulation (EU) 2016/679 (“GDPR”). Article 28(3) and (4) […]