On June 15, 2015, the Ministers of Justice of all 28 European Union member states, sitting as the Council of the EU (Council), reached a crucial agreement for the future EU data protection legal framework. Much work still needs to be completed, but this is a major step forward in the adoption of the EU General Data Protection Regulation (Regulation).

The Regulation introduces important changes to EU data protection law that will have a significant impact on companies doing business in the EU. While the timing of final approval is still unknown, the fact that the Council has reached a general approach significantly increases the chances that the final text of the Regulation will be adopted in the foreseeable future. To learn more about the practical implications for businesses and how to prepare for the new legal framework, please join our webcast on July 15.

The European data protection regulators, the Article 29 Working Party (WP29), recently issued two guidance papers which clarify the data protection legal framework applicable to the Internet of Things (IoT) and to the use of device fingerprinting. Both opinions underline WP29’s current focus on data-driven innovations. This article highlights the key takeaways from these two opinions.

The body of European data protection regulators known as the Article 29 Working Party (WP29) has been exceptionally prolific lately. In April 2014, WP29 adopted no fewer than five opinions and issued a number of other statements and letters on various topics. While not directly binding, WP29’s publications offer insight into the regulators’ views, which are generally a good indication of how the regulators will seek to apply the law.

In this article, we provide an overview of the most important documents issued. We discuss Opinion 5/2014 on anonymization,1 Opinion 6/2014 on legitimate interests as a basis for processing,2 the letter to Commissioner Viviane Reding on data transfers from the EU to the U.S.,3 and the letter to the Council of the EU on the one-stop-shop mechanism.4

In December 2013, the United Kingdom’s Information Commissioner’s Office (ICO) issued “Privacy in Mobile Apps–Guidance for App Developers.”1 According to the ICO, the guidance is not only relevant for apps used on mobile devices such as smartphones and tablets, but also for “other devices using similar app technology, for instance living-room devices such as smart TVs or games consoles.”

The guidance is addressed to organizations developing apps for the UK market, regardless of their location. However, it addresses key EU privacy issues and may be useful for any organization developing apps for individuals located in the European Union (EU). In addition, the ICO guidance should be read together with the opinion on mobile apps issued by the Article 29 Working Party (the body of European data protection regulators) in March 2013, a summary of which we have provided here.2 Listed below are the key takeaways and recommendations from the guidance.

On February 20, 2014, two of our Brussels-based attorneys specializing in European privacy and data security—Cédric Burton and Chris Kuner—presented a webcast titled “Update on EU Data Protection Law,” with a particular focus on the U.S.-EU Safe Harbor Framework (Safe Harbor).1 The following article summarizes the session and includes a few key takeaways.

On April 2, 2013, the European data protection regulators (the “Article 29 Working Party” or the “WP29”) issued a 70-page opinion providing guidance on how to comply with the core EU data protection principle of “purpose limitation.”1 This opinion gives a good indication of how EU regulators would apply their national data protection law to specific processing activities such as email marketing, behavioral advertising, profiling, and tracking of user behavior and big data. It is relevant for companies of all sizes, including non-EU-based companies, offering online services to users in the EU, since the EU regulators tend to take a broad approach regarding the applicability of EU data protection law.2 This article addresses certain aspects of the opinion.3