As previously discussed on the Alston & Bird Privacy Blog, the European Commission High-Level Expert Group on Artificial Intelligence released on April 8, 2019 the final version of its Ethics Guidelines for Trustworthy AI. The Guidelines, although not legally binding, are important because they represent the first significant government-initiated effort to influence the use of […]
EU Privacy
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration
As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users. The amount […]
Alston & Bird Hosts Webinar on Binding Corporate Rules – The Benefits Go Far Beyond Data Transfers
Binding corporate rules (BCRs) are a legally recognized mechanism that facilitate intra-group transfers of personal data from the European Economic Area (EEA) to the rest of the world. Adopting BCRs not only allows for the free flow of information across an organization but also builds a strong digital culture which is crucial in this data […]
German DPA Announces GDPR Compliance Survey of Large Companies – Translation Provided
Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or assistance from across the organization. On this blog, we have outlined the items we have seen as particularly time- or […]
GDPR Fragmentation May Appear More Significant than Intended
With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only 30% of Member States have effectively passed legislation, which still leaves the legal landscape to be precarious. The GDPR allows for deviations and specifications in […]