Tag Archives: EU

UK Brings Forward Legislation to Streamline the GDPR

In March 2023, the UK government published the Data Protection and Digital Information (No. 2) Bill (the bill). If enacted, the bill will introduce significant changes to the UK’s data protection laws, with the aim of introducing a simple, clear, and business-friendly framework, while maintaining high data protection standards.… Continue Reading

EDPB Issues Guidance on Cookie Banners

In January 2023, the European Data Protection Board (EDPB) published a report on cookie banners (Report). The Report provides practical guidance to companies doing business in the EU on how to comply with the EU cookie rules. It deals with issues such as reject-all buttons, pre-ticked boxes, banner design, and withdrawal icons. The Report is … Continue Reading

European Commission Seeks Companies’ Input on GDPR Enforcement

On February 24, 2023, the European Commission (EC) opened a public consultation on its initiative (Initiative) to revise procedural rules relating to the enforcement of the EU General Data Protection Regulation (GDPR). The EC invites companies to give feedback on the Initiative by March 24, 2023.… Continue Reading

EU Regulators Adopt Opinion on Draft EU-U.S. Data Privacy Framework

Since the invalidation of the Privacy Shield framework in 2020 in the “Schrems II” case, the EU and the U.S. have been working to set up a new framework for data flows from the EU to the U.S. A draft of a new “Data Privacy Framework” (DPF), which is designed to serve as the basis … Continue Reading

DSA: European Commission Publishes Guidance on Requirement to Publish User Numbers Ahead of February 17, 2023, Deadline

On February 1, 2023, the European Commission (EC) published Guidance on the requirement to publish user numbers under the Digital Services Act (DSA).1 The Guidance contains important information for providers of online platforms and online search engines that are required to publish the average monthly number of recipients of their service by February 17, 2023.… Continue Reading

Council of the EU Proposes Amendments to Draft AI Act

On December 6, 2022, the European Union’s (EU) Regulation on Artificial Intelligence (AI Act) progressed one step towards becoming law when the Council of the EU (the Council) adopted their amendments to the draft act (Council General Approach). The European Parliament (Parliament) must now finalize their common position before interinstitutional negotiations can begin.… Continue Reading

EU Introduces Legislative Proposal to Collect Data from Short-Term Accommodation Platforms

On November 7, 2022, the European Commission (EC) published its proposal for a regulation on data collection and sharing for short-term accommodation rental services (proposal). The proposal includes data sharing and website design requirements for online platforms providing short-term accommodation rental services. It also prompts EU countries to create a harmonized registration process for hosts providing such … Continue Reading

Some Light Holiday Reading: Draft Procedural Guidance on the EU’s Digital Market Act Open for Consultation

On December 9, 2022, the European Commission (EC) published its draft Digital Markets Act (DMA) Implementing Regulation, which will be open for public comment until January 6, 2023. The package is designed to give guidance on the practical aspects of gatekeeper designation and sets out the information required from gatekeepers and their procedural rights. The … Continue Reading

EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations

On September 20, 2022, an adviser to the EU’s top court opined that competition authorities may consider a company’s compliance with the EU’s data protection rules as part of an abuse of dominance investigation. In his Opinion (Opinion), Advocate General (AG) Athanasios Rantos of the EU’s Court of Justice (CJEU) noted that competition authorities do not have … Continue Reading

European Union Adopts Flagship Digital Services Act

On October 27, 2022, the Digital Services Act (DSA) was published in the Official Journal of the European Union, sweeping in a new era in the regulation of digital services. (See Wilson Sonsini’s DSA Fact Sheet.) The DSA applies to providers of digital services, including those based outside the EU that provide services to users in the … Continue Reading

Formal Publication of the DMA and Timelines for Compliance

On October 12, 2022, the EU Digital Markets Act (DMA) was published in the Official Journal of the European Union (see here), giving clarity as to when the new rules will apply. The DMA will enter into force on November 1, 2022, and it will become fully applicable in May 2023. At that point, the gatekeeper … Continue Reading

European Commission Proposes New EU Cybersecurity Rules for Software and Hardware Products

On September 15, 2022, the European Commission (EC) published a Proposal for a Cyber Resilience Act (CRA Proposal) that sets out new rules in the European Union (EU) for software and hardware products and their remote data processing solutions. The CRA Proposal introduces mandatory cybersecurity-related requirements and reporting obligations, including about product vulnerabilities, for manufacturers, … Continue Reading

EU Reaches Political Agreement on Additional New Rules for Digital Platforms in the Digital Services Act

The EU is close to finalizing the adoption of the Digital Services Act (DSA), which will impose new obligations on digital platforms regarding content moderation, due diligence for illegal content, and advertising transparency. It will entail significant changes to existing EU law in these areas and will impose substantial new compliance burdens on companies in … Continue Reading

Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. … Continue Reading

EU Parliament and Council Take Next Steps to Advance Major New Rules for Digital Platforms

The EU Parliament and the EU Council recently adopted their respective versions of the Digital Markets Act (DMA) and Digital Services Act (DSA), which intend to create new antitrust-related (DMA) and regulatory (DSA) rules applicable to digital platforms.1 The adoption of the draft amendments by the EU Parliament and the EU Council constitutes a critical … Continue Reading

European Court of Justice Finds That “Inbox Advertising” Is Direct Marketing

On November 26, 2021, the Court of Justice of the European Union (CJEU) held[1] that the display of advertising messages in an email inbox, in a form similar to an email, constitutes direct marketing and requires users’ consent under the ePrivacy Directive.[2] The CJEU also held that this practice constitutes ‘persistent and unwanted solicitations’ under … Continue Reading

CNIL Issues Guidance on Alternatives to Third-Party Cookies

On October 13, 2021, the French data protection authority (the CNIL) issued a short note (the “Note,” in French) on technologies such as fingerprinting, unique identifiers, and cohort-targeting, developed to replace traditional third-party cookies. While the CNIL acknowledges that some of these technologies are less privacy invasive than third-party cookies, it stresses that the consent … Continue Reading

Bavarian SA Finds the Use of SCCs Without Supplementary Measures Unlawful

On March 15, 2021, the Bavarian Supervisory Authority (SA)[1] issued a decision regarding the use of Standard Contractual Clauses (SCCs) to transfer personal data from the EU to the U.S. without supplementary security measures. The SA found the data transfer to be unlawful in this case, although it did not impose an administrative fine. The … Continue Reading

Booking.com Fined EUR 475,000 for Failure to Timely Notify Dutch Supervisory Authority of Data Breach

The Dutch supervisory authority (the Autoriteit Persoonsgegevens or AP) sanctioned the online travel booking platform, Booking.com BV (Booking), with a EUR 475,000 fine for failing to notify a data breach to the AP within 72 hours after becoming aware of it, as required by the EU General Data Protection Regulation (GDPR). The decision is available … Continue Reading

Council of the EU Adopts Its Text on the ePrivacy Regulation

On February 10, 2021, the Council of the European Union (EU) agreed on its version of the draft ePrivacy Regulation (Council Position). The long-awaited ePrivacy Regulation, which will repeal the existing ePrivacy Directive, overhauls the rules on cookies and regulates the use of and access to electronic communications data.… Continue Reading

The Privacy Impact of the New Brexit Deal

On December 24, 2020, the European Commission (EC) and UK government announced the long-awaited EU-UK Trade and Cooperation Agreement (the Brexit Agreement), which sets out the future relations between the EU and the UK. If approved, the Brexit Agreement will become effective on January 1, 2021, and will have the following repercussions:… Continue Reading

EDPB Issues Guidelines on Social Media Targeting Under GDPR

On Monday September 7, 2020, the European Data Protection Board (EDPB) issued draft Guidelines 8/2020 on the targeting of social media users (the “Draft Guidelines”). The Draft Guidelines have far-reaching implications for social media platforms, advertisers, and adtech companies, as they will result in a clarification of the roles and responsibilities of the key stakeholders, and establish … Continue Reading

ECJ Invalidates EU-U.S. Privacy Shield and Upholds the Standard Contractual Clauses

On July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield framework (Privacy Shield) invalid. The ECJ upheld the EU Standard Contractual Clauses (SCCs), but ruled that companies must verify prior to any transfer using SCCs that the parties can effectively provide the level of protection required by EU law.… Continue Reading

The European Commission Publishes Guidance on COVID-19 Mobile Apps

On April 16, 2020, the European Commission (EC) published guidance (guidance) regarding mobile applications developed to combat the spread of the COVID-19 pandemic (COVID-19 mobile apps). As previously mentioned in our blog posts, the guidance follows the EC recommendation last week on the same topic, and takes into account a prior consultation with the European … Continue Reading
LexBlog