Alston & Bird Privacy, Cyber & Data Strategy Blog

European Union (EU)

The EDPB-EDPS Joint Opinion on Data Processing Standard Contractual Clauses: Key Takeaways

By

When a controller engages a processor, the GDPR requires that the parties enter into a specific contract that contains certain mandatory provisions. This contract is often referred to as a ‘data processing agreement’ or ‘DPA’. To facilitate compliance with this requirement, the GDPR has provided the European Commission with the power to issue standard contractual […]

Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK

By and

On December 24, 2020, the EU and the UK reached an agreement on the terms of their future cooperation following the end of the Brexit Transition Period (i.e., following 31 December 2020). The EU-UK Trade and Cooperation Agreement (the ‘Agreement’) contains a temporary solution for companies transferring personal data from the EEA to the UK, […]

EDPB Emphasizes Joint Controllership between Social Media Providers and ‘Targeters’ in Draft Guidance

By

On September 7, 2020, the European Data Protection Board (‘EDPB’) published its draft guidelines on targeting of social media users (the ‘Guidelines’). The EDPB is accepting feedback from stakeholders on the Guidelines until October 19, 2020. The Guidelines not only provide guidance on the obligations of social media providers (‘Providers’) under the EU General Data […]

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

By and

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg (the “DPA”) published guidance (the “Guidance”) on international transfers of personal data following the Schrems II judgment (which we have previously covered here). This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the […]

After Schrems II: A Proposal to Meet the Individual Redress Challenge

By

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield in the Schrems II case. In an article written by Georgia Tech professor and Alston & Bird Senior Counsel Peter Swire with co-author Kenneth Propp, entitled ‘After Schrems II: A Proposal to Meet the Individual Redress Challenge’, […]