Laura Brodahl

New Draft Guidance on Binding Corporate Rules for Controllers

By Laura Brodahl & Laura De Boel on December 19, 2022

Posted in European Union, Privacy, Regulatory

On November 15, 2022, the European Data Protection Board (EDPB) adopted draft recommendations (here) for data controllers when applying for approval of their binding corporate rules for international data transfers (Recommendations).

Binding corporate…

EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations

By Petros Vinis, Deirdre Carroll, Nikolaos Theodorakis, Laura Brodahl, Laurine Daïnesi Signoret & Mia Gal on November 10, 2022

Posted in European Union, Privacy

On September 20, 2022, an adviser to the EU’s top court opined that competition authorities may consider a company’s compliance with the EU’s data protection rules as part of an abuse of dominance investigation.

In…

Belgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR

By Laura Brodahl, Cédric Burton, Carol Evrard & Alexandre Lépine on February 8, 2022

Posted in European Union, Privacy, Regulatory

On February 2, 2022, the Belgian Data Protection Authority (DPA) found that the Interactive Advertising Bureau Europe (IAB) Transparency & Consent Framework (TCF), a tool used to record individuals’ online ad preferences, violates the General Data Protection Regulation (GDPR). The DPA fined IAB Europe €250,000 (approx. USD 280,000), and required IAB Europe to present an action plan to bring the TCF into compliance within two months. To reach this conclusion, the DPA concluded that:
Continue Reading Belgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR

Belgian Data Protection Authority Clarifies Key Rules on Biometric Data Processing

By Laura Brodahl, Laura De Boel & Joanna Jużak on January 18, 2022

Posted in Cybersecurity, Privacy

On December 6, 2021, the Belgian Data Protection Authority (Belgian DPA) issued its recommendation on biometric data processing (Recommendation).^[1] The Recommendation provides guidance on how to comply with the General Data Protection Regulation (GDPR) when processing biometric data.
Continue Reading Belgian Data Protection Authority Clarifies Key Rules on Biometric Data Processing

EU Commission Publishes Template Data Processing Agreement

By Laura Brodahl, Laura De Boel, Jan Dhont, Christopher Foo, Joanna Jużak & Nikolaos Theodorakis on June 18, 2021

Posted in Privacy, Regulatory, Uncategorized

On June 4, 2021, the European Commission published its long awaited new set of Standard Contractual Clauses for outsourced data processing (DPA SCCs). These DPA SCCs are a contract template that organizations can use to comply with the General Data Protection Regulation’s (GDPR) rules on outsourced data processing.
Continue Reading EU Commission Publishes Template Data Processing Agreement

A New Data Transfer Mechanism Is Available for EU Personal Data

By Jan Dhont, Laura Brodahl, Laura De Boel, Cédric Burton, Sam Meijer, Carol Evrard & Joanna Jużak on June 4, 2021

Posted in Uncategorized

New Set of SCCs for Data Transfers to Third Countries

On June 4, 2021, the European Commission (EC) published its long awaited new set of Standard Contractual Clauses (New SCCs). This new data transfer mechanism allows for the transfers of personal data outside of the European Economic Area (EEA) and replaces the current Standard Contractual Clauses (current SCCs). The New SCCs take into account the European Court of Justice’s (CJEU) Schrems II ruling, which invalidated the EU-U.S. Privacy Shield and requires that data exporters and importers take measures to ensure that the SCCs are effectively complied with.
Continue Reading A New Data Transfer Mechanism Is Available for EU Personal Data

The Data Advisor