European Privacy & Cybersecurity

Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses

July 16, 2020 By Paul Greaves and Wim Nauwelaerts

Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]

Marking GDPR Anniversary, Peter Swire Warns About EU-US Data Transfer Challenges

May 28, 2020 By Privacy, Cyber & Data Strategy Team

On May 25, the European General Data Protection Regulation (GDPR) ended its second full year in effect. To mark the occasion, the International Association of Privacy Professionals collected expert perspectives on the impact and future of the GDPR, including an essay by Alston & Bird Senior Counsel Peter Swire. In his contribution, Swire highlights the […]

European Data Protection Board Clarifies Guidelines on Consent to Address ‘Cookie Walls’ and ‘Scroll-to-Accept’ Practices

May 13, 2020 By Paul Greaves

On May 4, 2020, the European Data Protection Board (‘EDPB’) adopted updated guidelines on the meaning of ‘consent’ under the EU’s General Data Protection Regulation (‘GDPR’). The two key changes clarify that: Websites and other services may not use ‘cookie walls’, as these do not permit valid consent to be collected. ‘Cookie walls’ require the […]

Location and Mobile Data in the Fight against COVID-19 – An Overview of U.S. and Global Efforts

April 11, 2020 By Daniel Felz and Privacy, Cyber & Data Strategy Team

Governments are increasingly seeking to leverage consumer geolocation and other mobile device data to assist with fighting the spread of COVID-19, as cases continue to mount globally. Location data can be of significant value to public health models, such as models that determine areas where social-distancing measures are needed or test whether such measures are […]

UK ICO publishes the final version of its Age Appropriate Design Code

February 6, 2020 By Paul Greaves and Wim Nauwelaerts

On January 21, 2020, the UK ICO published the final version of its Age Appropriate Design Code (the “Design Code”), which sets out 15 standards that online services should meet to protect children’s privacy. The Design Code is not only applicable to online services squarely aimed at children, but also covers online services likely to […]