Data Protection

French CNIL Launches Public Consultation on Cookie Consent Recommendations

January 17, 2020 By Paul Greaves and Wim Nauwelaerts

On January 14, 2020, the French data protection authority (CNIL) launched a public consultation on its draft recommendations for the collection of consent in the context of cookies and other tracking technologies (the ‘draft Recommendations’). Under EU ePrivacy rules, such technologies generally may not be placed on – or accessed from – users’ devices without […]

Wim Nauwelaerts Authors Summary of EDPB’s Guidelines of the GDPR

January 9, 2020 By Privacy, Cyber & Data Strategy Team

Wim Nauwelaerts, Brussels partner and leader of the firm’s EU Privacy and Data Protection practice, has authored a summary of the European Data Protection Board’s (EDPB) guidelines on the territorial scope of the GDPR. On November 12, 2019, the EDPB adopted the final version of its guidelines – almost one year after they had been […]

Schrems 2.0: Standard Contractual Clauses Declared Valid by EU Advocate General

December 19, 2019 By Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

The Advocate General’s Opinion of December 19, 2019 deemed valid the Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. Currently, many companies rely on SCCs as a mechanism for transferring personal data from the EU to non-EU countries in compliance with the GDPR. […]

Treasury Announces Sanctions Against Cybercriminal Group Behind ‘Dridex’ Malware, Offering Mitigation Strategies for Businesses

December 11, 2019 By Privacy, Cyber & Data Strategy Team

On December 5, 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Evil Corp, a Russian cybercriminal organization that is known for distributing the Dridex malware. Dridex is a banking trojan that has been used to target financial institutions across the globe and has resulted in more than $100 million […]

SHIELD Act Overhauls New York’s Data Breach Notification Framework

October 25, 2019 By Privacy, Cyber & Data Strategy Team

On October 23, 2019, New York’s new breach notification provisions came into effect, a result of New York’s passage of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) in July. That Act overhauled New York’s data privacy framework, expanding the list of data elements that are considered “private information” while growing the […]