Privacy

Subscribe to Privacy via RSS

EU Commission Publishes Template Data Processing Agreement

By Laura Brodahl, Laura De Boel, Jan Dhont, Christopher Foo, Joanna Jużak & Nikolaos Theodorakis on June 18, 2021

Posted in Privacy, Regulatory, Uncategorized

On June 4, 2021, the European Commission published its long awaited new set of Standard Contractual Clauses for outsourced data processing (DPA SCCs). These DPA SCCs are a contract template that organizations can use to comply with the General Data Protection Regulation’s (GDPR) rules on outsourced data processing.
Continue Reading EU Commission Publishes Template Data Processing Agreement

Bavarian SA Finds the Use of SCCs Without Supplementary Measures Unlawful

By Jan Dhont, Nikolaos Theodorakis & Joanna Jużak on April 14, 2021

Posted in European Union, Privacy, Regulatory

On March 15, 2021, the Bavarian Supervisory Authority (SA)^[1] issued a decision regarding the use of Standard Contractual Clauses (SCCs) to transfer personal data from the EU to the U.S. without supplementary security measures. The SA found the data transfer to be unlawful in this case, although it did not impose an administrative fine. The SA’s findings could indicate how European regulators approach the use of SCCs post-Schrems II.
Continue Reading Bavarian SA Finds the Use of SCCs Without Supplementary Measures Unlawful

Booking.com Fined EUR 475,000 for Failure to Timely Notify Dutch Supervisory Authority of Data Breach

By Jan Dhont, Laura Brodahl & Sam Meijer on April 7, 2021

Posted in Cybersecurity, European Union, Privacy

The Dutch supervisory authority (the Autoriteit Persoonsgegevens or AP) sanctioned the online travel booking platform, Booking.com BV (Booking), with a EUR 475,000 fine for failing to notify a data breach to the AP within 72 hours after becoming aware of it, as required by the EU General Data Protection Regulation (GDPR). The decision is available in Dutch here.
Continue Reading Booking.com Fined EUR 475,000 for Failure to Timely Notify Dutch Supervisory Authority of Data Breach

Council of the EU Adopts Its Text on the ePrivacy Regulation

By Cédric Burton, Jan Dhont, Lydia Parnes, Nikolaos Theodorakis, Carol Evrard, Alexandre Lépine & Roberto Yunquera Sehwani on March 5, 2021

Posted in European Union, Privacy, Regulatory

On February 10, 2021, the Council of the European Union (EU) agreed on its version of the draft ePrivacy Regulation (Council Position). The long-awaited ePrivacy Regulation, which will repeal the existing ePrivacy Directive, overhauls the rules on cookies and regulates the use of and access to electronic communications data.
Continue Reading Council of the EU Adopts Its Text on the ePrivacy Regulation

Virginia Legislature Sends Novel Privacy Law to Governor’s Desk

By Tracy Shapiro, Edward Holman & Amanda Irwin on March 1, 2021

Posted in Privacy

Virginia is poised to become the second U.S. state to enact broad consumer privacy legislation. While the legislation draws some parallels with the California Consumer Privacy Act (CCPA) and upcoming California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA) introduces new requirements that go beyond these laws, such as opt-ins to collect sensitive data, opt-outs for targeted advertising, the creation of data protection assessments, and new provisions that must be included in service provider agreements.
Continue Reading Virginia Legislature Sends Novel Privacy Law to Governor’s Desk

The Data Advisor