European Union (EU)

German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected

May 30, 2018 By Daniel Felz

The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]

Irish High Court Refers Schrems 2.0 to the ECJ

April 13, 2018 By Privacy, Cyber & Data Strategy Team

On April 11, Justice Caroline Costello of the Irish High Court referred the Schrems 2.0 case to the Court of Justice of the European Union (ECJ) with 11 questions for the ECJ to answer. Per Justice Costello, the sole issue in the case is whether the European Commission’s Decisions regarding standard contractual clauses (SCCs) are […]

Council of the European Union publishes new draft ePrivacy Regulation

March 30, 2018 By Privacy, Cyber & Data Strategy Team

The Council of the European Union published a new draft of the ePrivacy Regulation (link here) for discussion purposes on 22 March. This draft aims to facilitate discussions as we are moving towards the final version of the ePrivacy Regulation. As such, the changes outlined below are not final, but rather indicative of the direction […]

Belgian Court Uses Novel Argument to Assume International Jurisdiction over Non-EU Facebook Entities

March 21, 2018 By Daniel Felz and Privacy, Cyber & Data Strategy Team

On February 16, 2018, the Brussels Court of First Instance rendered a judgment in proceedings brought by the Belgian Privacy Commission’s against Facebook. The case forms one part of two-tiered litigation brought by the Commission in regards to alleged monitoring practices vis-à-vis Belgian internet users. In parallel to the proceedings that resulted in the judgment […]

100 Days Until GDPR Effective Date – Sharing Our GDPR Experience

February 14, 2018 By Daniel Felz and Privacy, Cyber & Data Strategy Team

In less than 100 days, the General Data Protection Regulation (GDPR) will go into effect. This means that as of May 25, 2018, each national Supervisory Authority will have the authority to apply and enforce the GDPR. The GDPR raises the bar in terms of requirements substantially higher than the Data Protection Framework Directive. For […]