Tag Archives: EDPB

Meta Receives Record 1.2 Billion EUR Fine and Is Ordered to Suspend Its EU-U.S. Data Transfers

By Laura De Boel on Posted in Cybersecurity, European Union, Privacy, Regulatory
On May 22, 2023, Ireland’s Data Protection Commission (DPC) published its long-awaited decision in the Meta EU-U.S. data transfer case (Decision). In its landmark Decision, the DPC imposed a record 1.2 billion EUR fine and ordered Meta Platforms Ireland Limited (Meta) to suspend any EU-U.S. transfers of personal data within approximately five months. Meta was … Continue Reading

EDPB Issues Guidance on Cookie Banners

By Alexandre Lépine, Michael Kern, Rossana Fol, Cédric Burton and Maneesha Mithal on Posted in Privacy, Regulatory
In January 2023, the European Data Protection Board (EDPB) published a report on cookie banners (Report). The Report provides practical guidance to companies doing business in the EU on how to comply with the EU cookie rules. It deals with issues such as reject-all buttons, pre-ticked boxes, banner design, and withdrawal icons. The Report is … Continue Reading

EU Regulators Define Data Transfers

By Cédric Burton, Jan Dhont, Laura De Boel and Rossana Fol on Posted in European Union, Privacy, Regulatory
They State That Direct Collection of Personal Data by Non-EU Companies Is Not a “Data Transfer” Under the GDPR On November 18, 2021, the European Data Protection Board (EDPB) issued guidelines (Guidelines) that—for the first time—clarify the notion of “data transfer.” Departing from common understanding, the EDPB has determined that there is no data transfer … Continue Reading

EDPB Clarifies Key Health Research Data Protection Rules

By Jan Dhont, Nikolaos Theodorakis and Sam Meijer on Posted in Privacy, Regulatory
On February 2, 2021, the European Data Protection Board (EDPB) issued guidance on the processing of personal data for research purposes in response to questions posed by the European Commission (Document). The Document aims to provide clarity on the application of the General Data Protection Regulation (GDPR) to scientific health research. In particular, the Document … Continue Reading

EDPB Publishes New Guidance for Data Breach Notification

By Laura De Boel, Cédric Burton, Christopher Foo and Maximin Orsero on Posted in Privacy, Regulatory
On January 18, 2021, the European Data Protection Board (EDPB), comprised of all national supervisory authorities (SAs) of the European Union, published draft guidelines for data breach notification1 (the Guidelines). The Guidelines provide useful insight into how regulators apply the General Data Protection Regulation (GDPR) personal data breach notifications rules. Specifically, they describe six common types of … Continue Reading

Draft EDPB Guidelines Clarify the Roles of Parties Processing Personal Data and Call for Detailed Data Processing Agreements

By Cédric Burton, Laura Brodahl, Rossana Fol and Lore Leitner on Posted in Cybersecurity, European Union, Privacy
On September 7, 2020, the European Data Protection Board (EDPB) published draft guidelines (Guidelines) intended to clarify the roles of the parties processing personal data and when they are operating as controllers, joint controllers, or processors under the EU General Data Protection Regulation (GDPR).… Continue Reading

EDPB Adopts Updated Consent Guidance

By Jan Dhont and Josephine Jay on Posted in European Union, Privacy
On May 4, 2020, the European Data Protection Board (EDPB) adopted new guidelines (the guidelines) regarding the use of consent as a legal basis for processing personal data under the General Data Protection Regulation (GDPR).[1] The guidelines update and replace the Article 29 Working Party’s April 2018 guidance on the same topic. The guidelines remain … Continue Reading

The EDPB Responds to the European Commission’s Recommendation on COVID-19 Mobile Apps

By Jan Dhont, Nikolaos Theodorakis and Christopher Foo on Posted in Cybersecurity, Privacy
On April 14, 2020, the European Data Protection Board (the EDPB) published a letter in response to the European Commission’s call for consultation (the letter) regarding its recommendation on the use of mobile applications and location data to fight the COVID-19 outbreak. As previously reported in our blog post, the European Commission’s recommendation sets out a “toolbox” of measures … Continue Reading

Non-EEA Based Vendors Caught by GDPR’s Long-Arm Provisions

By Jan Dhont and Nikolaos Theodorakis on Posted in Privacy
The General Data Protection Regulation (GDPR) does not just impact companies located in the European Economic Area (EEA). It has a “long-arm” provision which may subject foreign companies to its jurisdiction. There is a fair amount of uncertainty regarding how this provision may be applied. The European Data Protection Board (EDPB) has recently issued updated … Continue Reading

The CNIL Announces Its 2019-2020 Action Plan on Ad Targeting

By Cédric Burton, Jan Dhont, Rossana Fol and Josephine Jay on Posted in European Union, Privacy, Regulatory
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan);1 among other things, the CNIL announced that it will issue new cookie guidance later this month and that, once the guidance is published, companies will have a 12-month grace period to come into compliance. Background … Continue Reading

EDPB Opinion on Consent and Legal Basis in Clinical Trials

By Cédric Burton, Jan Dhont, Lore Leitner and Elli Laine on Posted in Clinical Trial, Cybersecurity, European Union, Regulatory
On January 23, 2019, the European Data Protection Board (EDPB) issued an opinion (Opinion) on the interplay between the Clinical Trial Regulation (CTR) and the General Data Protection Regulation (GDPR), an issue which has been the subject of intense debate and that resulted in a draft, and still non-public, FAQ prepared by the EU Commission. … Continue Reading
LexBlog