Yann Padova

Subscribe to Yann Padova's Posts

Individuals are increasingly making use of their right to access their personal data under applicable privacy laws in the EU.

It can be a challenge for companies to handle such requests, and in particular, if a request concerns a complex data set, there are a high number of requests, or the right is exercised for strategic reasons, such as in HR or legal disputes. The right of access is, however, not absolute, and its restrictions vary across Member States, adding further complexity to the matter. How to handle such requests and apply these restrictions is commonly set out in internal policies and procedures. We set out below the current landscape as well as a recent enforcement trend.Continue Reading Weaponization of Data Subject Access Requests in the EU

The Online Safety Bill (OSB or Bill) passed its final reading in the UK’s Parliament in September 2023. The Bill will become law in the coming weeks, ushering in a new era for the regulation of digital services in the UK. Online platforms and search services that fall within the scope of the legislation will be subject to proactive content risk assessment and mitigation duties oriented at protecting users, regardless of where those services are established. The Bill has attracted considerable media attention due to its anticipated impact on the operation of online services in the UK, as well as the potential for it to interfere with freedom of speech.Continue Reading Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?

On August 24, 2023, some members of the Global Privacy Assembly’s International Enforcement Cooperation Working Group published a joint statement on data scraping (Statement). Signatories to the Statement include the privacy regulators of the UK, Australia, Argentina, Canada, Colombia, Hong Kong, Jersey, Mexico, Morocco, New Zealand, Norway, and Switzerland.[1] Notably absent from the list of signatories were the U.S. Federal Trade Commission and the California Privacy Protection Agency, both of which are accredited members of the Global Privacy Assembly. This seems likely due to First Amendment considerations in the U.S. regarding data scraping, which have led to “publicly available” information being broadly excluded from recent U.S. state privacy laws.Continue Reading Global Regulators Highlight Potential Harms of Data Scraping and Best Practices

On September 6, 2023, the European Commission (EC) returned from its summer break with full force and announced the designation of six tech companies as so-called “gatekeepers” under the EU’s Digital Markets Act (DMA) and

Continue Reading Into the Final Stretch: Six Gatekeepers Confirmed Under the EU’s Digital Markets Acts

On August 9, 2023, the UK’s Information Commissioner’s Office (ICO) and Competition and Markets Authority (CMA) released a joint position paper (the Paper) focused on “harmful” website design practices that may “trick” consumers into giving more access to their personal information. The Paper is targeted at web designers and developers, and it will be particularly relevant to consumer-facing organizations that target the UK market. It builds on joint work that the ICO and CMA have been engaged in since May 2021, when the regulators issued a joint statement promising a “joined up approach to regulation.” Announcing the Paper’s release, the ICO also revealed that it will be assessing cookie banners of the most frequently used websites in the UK, with a view to taking action against harmful designs.Continue Reading UK Regulators Signal Increased Focus on “Damaging” Website Design Practices

On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers of personal data from the EU to the U.S., and allowing companies to simplify their compliance with EU data flow restrictions. It thus represents a major development in the regulation of data flows from the EU to the U.S.Continue Reading EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified