As application of the European Union’s (EU’s) General Data Protection Regulation (GDPR)1 quickly approaches, the enforcement authority of the European data protection authorities (DPAs) is rightfully on everyone’s mind. The power to issue monetary fines against non-compliant entities of up to four percent of the entity’s past year worldwide turnover is one of the GDPR’s most striking provisions.2 But, the GDPR also includes a provision that may prove to be equally important: giving individuals the right to bring collective legal action against non-compliant entities. If these collective actions become common, understanding by whom, under what grounds, and where these suits may be brought will be critical in assessing the importance of compliance and the benefits and risks of launching European data initiatives.
Continue Reading GDPR—Collective Actions Under the Privacy Banner
GDPR—Collective Actions Under the Privacy Banner
2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this year, and some areas of legislation that actually may become law in the U.S.
Complying with UK and EU data privacy regulations often presents a significant challenge for start-ups based in those regions. UK and EU start-ups expanding to the U.S. similarly need to be aware of U.S. data
On October 18, 2017, the European Commission (EU Commission) published its 
On October 3, 2017, the High Court of Ireland issued its decision in Data Protection Commissioner vs Facebook and Schrems concerning the validity of the EU Standard Contractual Clauses (SCCs)—a mechanism used by a very