On September 21, 2023, the UK Government announced the establishment of the “UK-US data bridge” (the Bridge), also known as the UK Extension to the EU-U.S. Data Privacy Framework (the DPF). The announcement promises to simplify compliance issues surrounding the transfer of personal data from the UK to the U.S.
Continue Reading UK-U.S. Data Bridge Commencement Date AnnouncedCédric Burton
Global Regulators Highlight Potential Harms of Data Scraping and Best Practices
By Laura Brodahl, Tom Evans, Yann Padova & Cédric Burton on
Posted in Cybersecurity
On August 24, 2023, some members of the Global Privacy Assembly’s International Enforcement Cooperation Working Group published a joint statement on data scraping (Statement). Signatories to the Statement include the privacy regulators of the UK, Australia, Argentina, Canada, Colombia, Hong Kong, Jersey, Mexico, Morocco, New Zealand, Norway, and Switzerland.[1] Notably absent from the list of signatories were the U.S. Federal Trade Commission and the California Privacy Protection Agency, both of which are accredited members of the Global Privacy Assembly. This seems likely due to First Amendment considerations in the U.S. regarding data scraping, which have led to “publicly available” information being broadly excluded from recent U.S. state privacy laws.
Continue Reading Global Regulators Highlight Potential Harms of Data Scraping and Best PracticesInto the Final Stretch: Six Gatekeepers Confirmed Under the EU’s Digital Markets Acts
On September 6, 2023, the European Commission (EC) returned from its summer break with full force and announced the designation of six tech companies as so-called “gatekeepers” under the EU’s Digital Markets Act (DMA) and…
Continue Reading Into the Final Stretch: Six Gatekeepers Confirmed Under the EU’s Digital Markets ActsMissteps in Mixing EU Data Protection and Competition Law: A Call for Boundaries
By Laura Brodahl, Deirdre Carroll & Cédric Burton on
Posted in Privacy
On June 21, 2023, a request for a preliminary ruling on the scope of the term “undertaking” in Article 83(4) to (6) of the General Data Protection Regulation (GDPR) was lodged with the Court of Justice of the EU (CJEU). This concept is critical for companies facing enforcement action as it is used as a reference point to determine the cap for GDPR fines.
Continue Reading Missteps in Mixing EU Data Protection and Competition Law: A Call for BoundariesUK Privacy Regulator Continues to Focus on Children’s Privacy
By Cédric Burton, Laura De Boel, Maneesha Mithal & Tom Evans on
Posted in Privacy
Updated Guidance for Edtech Providers
The UK Privacy Regulator (ICO) recently updated its guidance on privacy compliance for providers of education technologies (Edtech). This should be seen as a call to action for Edtech providers…
Continue Reading UK Privacy Regulator Continues to Focus on Children’s PrivacyEU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified
By Christopher Kuner, Laura De Boel, Nikolaos Theodorakis, Carol Evrard, Maneesha Mithal, Tom Evans, Matthew Nuding, Yann Padova & Cédric Burton on
Posted in Privacy
On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers of personal data from the EU to the U.S., and allowing companies to simplify their compliance with EU data flow restrictions. It thus represents a major development in the regulation of data flows from the EU to the U.S.
Continue Reading EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified