On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data Protection Regulation (“GDPR”). In the draft guidance, the EDPB explains the aim and components of the right. This analysis is followed […]
Data Protection
Major Overhaul of EU Clinical Trial Rules Kicks In on 31 January 2022
On 31 January 2022, the EU Clinical Trial Regulation (CTR) will come into application, almost 8 years after its adoption by the European Parliament and the Council of the EU. The CTR will radically change the regulatory framework for conducting clinical trials in the EU Member States as well as European Economic Area (EEA) countries […]
EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]
Time to Restore Trust in Data Flows between Countries? Peter Swire Discusses Recent OECD Efforts in Developing Principles for Government Access to Data.
Alston & Bird Senior Counsel Peter Swire recently published an article in Lawfare titled, “Towards OECD Principles for Government Access to Data.” Peter and his co-authors discuss recent efforts of the Organization for Economic Cooperation and Development (OECD) to formulate common principles regulating governmental access to personal data held by the private sector for national […]
NYDFS Issues Guidance on Multi-Factor Authentication
The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new guidance is consistent with its June guidance, in which NYDFS clarified its expectation that NYDFS-regulated covered entities subject to 500.12 […]