The EU is close to finalizing the adoption of the Digital Services Act (DSA), which will impose new obligations on digital platforms regarding content moderation, due diligence for illegal content, and advertising transparency. It will entail significant changes to existing EU law in these areas and will impose substantial new compliance burdens on companies in regard to online content.
Continue Reading EU Reaches Political Agreement on Additional New Rules for Digital Platforms in the Digital Services Act
Christopher Olsen
U.S. Supreme Court May End Key FTC Consumer Protection Enforcement Practice
Posted in Privacy
Justices Considered Whether Certain Court-Imposed Monetary Remedies Are Legal
On Wednesday, January 13, 2021, the U.S. Supreme Court heard arguments in the much-anticipated case of AMG v. FTC, which challenges the Federal Trade Commission’s (FTC’s) authority to obtain monetary relief in court under Section 13(b) of the FTC Act. The Court’s decision is likely to have a significant impact on the relief the FTC is able to obtain in federal court proceedings.
Continue Reading U.S. Supreme Court May End Key FTC Consumer Protection Enforcement Practice
The Privacy Impact of the New Brexit Deal
On December 24, 2020, the European Commission (EC) and UK government announced the long-awaited EU-UK Trade and Cooperation Agreement (the Brexit Agreement), which sets out the future relations between the EU and the UK. If approved, the Brexit Agreement will become effective on January 1, 2021, and will have the following repercussions:
Continue Reading The Privacy Impact of the New Brexit Deal
European Commission Issues New SCCs for Data Transfers to Third Countries
Posted in European Union, Privacy
On November 12, 2020, the European Commission (EC) issued a draft version of a new set of Standard Contractual Clauses (New SCCs). The long-awaited New SCCs include several modules that companies can use depending on the transfer scenarios, such as controller-to-controller, controller-to-processor, and processor-to-processor data exports. The New SCCs have also been updated to reflect the high standard for data protection set forth in the General Data Protection Regulation (GDPR) and to take into account the requirements resulting from the Schrems II ruling.
Continue Reading European Commission Issues New SCCs for Data Transfers to Third Countries
EDPB Publishes Draft Recommendations on Supplementary Measures for Data Transfers
On November 11, 2020, the European Data Protection Board (EDPB), comprised of the European data protection regulators (DPAs), issued two long-awaited sets of recommendations. These recommendations are critical for any companies exporting or importing EU personal data.
Continue Reading EDPB Publishes Draft Recommendations on Supplementary Measures for Data Transfers
France’s Administrative High Court Greenlights Microsoft’s Hosting of Health Data in Face of CNIL’s Schrems II Concerns
On October 13, 2020, France’s high administrative court (Conseil d’État, “the Court”) rejected a request to suspend France’s centralized health data platform—the Health Data Hub—currently hosted by Microsoft in its data center in the Netherlands.
In essence, the Court rejected the French DPA’s (CNIL) argument that in light of the important public interest of maintaining a COVID-19 related health database, the risks of access by U.S. authorities, although real, do not justify the suspension of the platform. The judgment provides useful insights in light of the recent Schrems II ruling for organizations transferring health data outside of the EU[1] (for more information on the Schrems II ruling, see our blog post ECJ Invalidates EU-U.S. Privacy Shield and Upholds the Standard Contractual Clauses).
Continue Reading France’s Administrative High Court Greenlights Microsoft’s Hosting of Health Data in Face of CNIL’s Schrems II Concerns