On April 1, 2026, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) imposed a €100 million fine on MLU B.V., the Dutch operator of the Yango taxi app. The AP found that personal data of EU users was unlawfully transferred to affiliated entities in Russia, despite the formal use of the EU Standard Contractual Clauses […]
GDPR
EU-wide Breach Notification Template On The Horizon
Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and an EU-wide data breach notification template to help companies comply with the requirements of the EU General Data Protection […]
European Commission Moves to Extend Free Flows of Personal Data to the UK
On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK to continue until December 2025. The existing adequacy decision – which was adopted in 2021 in […]
EDPB Adopts Opinion on the Use of Processors and Sub-processors
On October 7, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on obligations following from the use of processors and sub-processors (the “Opinion”). The EDPB is the body that seeks to ensure harmonised application of the EU GDPR across the European Economic Area (“EEA”) and is comprised of the heads of the data […]
EU Data Protection Regulators Publish Additional Guidance On The EU-U.S. Data Privacy Framework
Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data Protection Supervisor (‘EDPS’) – adopted two Frequently Asked Questions (‘FAQ’) documents concerning the EU-U.S. Data Privacy Framework (‘DPF’), aimed at providing […]