The Article 29 Working Party (“WP29”) recently issued an opinion that discusses the processing of employee personal information (Opinion 02/2017). WP29 focuses on the use of new technologies by employers and assesses requirements in light of the upcoming General Data Protection Regulation (“GDPR”). Consent and legal bases to process personal information The WP29 has historically […]
GDPR
Fourth Circuit Court of Appeals Allows Wikimedia Upstream Suit to Proceed
On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined […]
Swire Discusses European Data Economy at European Political Strategy Centre Policy Hearing
Peter Swire, Alston & Bird Senior Counsel and Nancy J. and Lawrence P. Huang Professor of Law and Ethics at the Georgia Institute of Technology’s Scheller College of Business, recently participated in a policy hearing held by the European Political Strategy Centre, the in-house think tank of the European Commission. Swire joined five other experts […]
French CNIL Releases GDPR Compliance Toolkit
On March 15, 2017, the French data protection authority (CNIL) released its six step- GDPR compliance program together with GDPR-tailored templates for use by companies, the “GDPR Toolkit.” The GDPR Toolkit is helpful for companies because it provides guidance that companies may directly include in their privacy programs. Companies with sophisticated privacy programs may also […]
Working Party welcomes the draft ePrivacy Regulation, yet expresses grave concerns
The Working Party recently issued its first Opinion for 2017, focusing on the EU Commission’s proposed ePrivacy Regulation (WP 247, Opinion 01/2017). The Commission’s proposal, which was published in January this year, aims to modernize the existing ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) which concerns the protection of personal data in the context of […]