CNIL Issues Updated Cookie Guidance

Cédric BurtonJan DhontLore LeitnerBy Cédric Burton, Jan Dhont, Lore Leitner and Alexandre Lépine on Posted in European Union, Privacy, Regulatory

On October 1, 2020, the French data protection authority (the CNIL) issued the final version of its guidelines on the use of cookies and other trackers (the Guidelines), replacing a first draft published on July 4, 2019. While the main principles remain unchanged, this version provides further practical guidance for website and mobile application publishers using cookies and trackers. The CNIL indicated that the deadline for compliance with the new rules should not exceed six months, which means that companies have until March 2021 to ensure compliance. Continue Reading

U.S. Government Publishes White Paper on International Data Transfers Following Schrems 2.0 Judgment

Jan DhontNikolaos TheodorakisBy Jan Dhont, Nikolaos Theodorakis and Roberto Yunquera Sehwani on Posted in Privacy, Regulatory

On September 28, 2020, the U.S. Department of Commerce (DoC) published a white paper co-authored by the U.S. Department of Justice (DoJ) and the Office of the Director of National Intelligence (white paper)[1] which provides information on the safeguards under U.S. law to limit the collection of data from private companies by U.S. intelligence services. The white paper addresses concerns raised by the EU Court of Justice (ECJ) when it invalidated the EU-U.S. Privacy Shield framework (Privacy Shield) and imposed certain conditions on the use of Standard Contractual Clauses (SCCs). Continue Reading

Draft EDPB Guidelines Clarify the Roles of Parties Processing Personal Data and Call for Detailed Data Processing Agreements

Cédric BurtonLaura BrodahlRossana FolLore LeitnerBy Cédric Burton, Laura Brodahl, Rossana Fol and Lore Leitner on Posted in Cybersecurity, European Union, Privacy

On September 7, 2020, the European Data Protection Board (EDPB) published draft guidelines (Guidelines) intended to clarify the roles of the parties processing personal data and when they are operating as controllers, joint controllers, or processors under the EU General Data Protection Regulation (GDPR). Continue Reading

EDPB Issues Guidelines on Social Media Targeting Under GDPR

Cédric BurtonChristopher OlsenBastiaan SuurmondNikolaos TheodorakisBy Cédric Burton, Christopher Olsen, Bastiaan Suurmond, Nikolaos Theodorakis and Alexandre Lépine on Posted in European Union, Privacy, Regulatory

On Monday September 7, 2020, the European Data Protection Board (EDPB) issued draft Guidelines 8/2020 on the targeting of social media users (the “Draft Guidelines”). The Draft Guidelines have far-reaching implications for social media platforms, advertisers, and adtech companies, as they will result in a clarification of the roles and responsibilities of the key stakeholders, and establish rules for consent.

The Draft Guidelines are open for public consultation until October 19, 2020. Interested companies can submit their comments to the EDPB. Continue Reading

Initial Reaction of European Data Protection Regulators to Schrems 2.0 Judgment

Christopher FooJosephine JayLore LeitnerNikolaos TheodorakisChristopher OlsenCédric BurtonBy Christopher Foo, Josephine Jay, Lore Leitner, Nikolaos Theodorakis, Christopher Olsen, Cédric Burton and Alexandre Lépine on Posted in European Union, Privacy

Over the last few days, the European Data Protection Board (EDPB), the European Data Protection Supervisor (EDPS) and various Supervisory Authorities (SAs) across Europe issued statements addressing the decision of the European Court of Justice (ECJ) to invalidate the EU-U.S. Privacy Shield framework (Schrems 2.0). Below we summarize some of the main reactions.

The EDPB is working on a set of FAQs that will hopefully provide some level of clarification on key issues that companies now face. The EDPB is meeting on July 22 and 23, and we expect the FAQs to be published shortly thereafter. We will report on these FAQs as soon as they are issued. Continue Reading

ECJ Invalidates EU-U.S. Privacy Shield and Upholds the Standard Contractual Clauses

Jan DhontNikolaos TheodorakisBastiaan SuurmondBy Jan Dhont, Nikolaos Theodorakis and Bastiaan Suurmond on Posted in European Union, Privacy

On July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield framework (Privacy Shield) invalid. The ECJ upheld the EU Standard Contractual Clauses (SCCs), but ruled that companies must verify prior to any transfer using SCCs that the parties can effectively provide the level of protection required by EU law. Continue Reading

LexBlog

We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree