On May 22, 2023, Ireland’s Data Protection Commission (DPC) published its long-awaited decision in the Meta EU-U.S. data transfer case (Decision). In its landmark Decision, the DPC imposed a record 1.2 billion EUR fine and ordered Meta Platforms Ireland Limited (Meta) to suspend any EU-U.S. transfers of personal data within approximately five months. Meta was … Continue Reading
On October 7, 2022, President Biden signed an Executive Order (Order) on Enhancing Safeguards for United States Signals Intelligence Activities. This marks the latest step towards the new EU-U.S. Data Privacy Framework (Framework), a replacement for the defunct EU-U.S. Privacy Shield (Privacy Shield). The next stage in the process is for the European Commission (EC), with input from the … Continue Reading
The European Union (EU) will soon be handed sweeping new rules to regulate the conduct of the largest digital platforms with the long-awaited Digital Markets Act (DMA). Following 15 months of intense negotiations on amendments to the original Proposal, the presidents of the main EU institutions (the Parliament, Council, and Commission) reached a political agreement on the final … Continue Reading
On December 15, 2020, the European Commission (EC) unveiled a set of proposals to regulate digital platforms. The draft laws include antitrust-related requirements, addressed by the Digital Markets Act (DMA) and more general regulatory requirements, addressed in the Digital Services Act (DSA). The DMA/DSA package will apply to all digital services, including social media, online … Continue Reading
On October 1, 2020, the French data protection authority (the CNIL) issued the final version of its guidelines on the use of cookies and other trackers (the Guidelines), replacing a first draft published on July 4, 2019. While the main principles remain unchanged, this version provides further practical guidance for website and mobile application publishers … Continue Reading
On February 7, 2020, the European Data Protection Board (EDPB) published draft guidelines on the processing of personal data in the context of connected vehicles and mobility related applications. If adopted in their current form, the draft guidelines will have far-reaching consequences for connected vehicles and mobility applications that operate in Europe. They contain detailed interpretations of … Continue Reading
On January 21, 2020, the Information Commissioner’s Office (ICO) published its final version of its Age Appropriate Design Code of Practice (the code). The code will be submitted to Parliament in the coming days, and, assuming there is no objection, will become effective approximately two months later. This blog post follows our previous update on … Continue Reading
The year 2020 promises to be an interesting one for privacy and data protection in Europe. In this post, we highlight four of the most important developments to watch this year: 1) we expect that European Union (EU) regulators will ramp up GDPR enforcement across the board, and with a particular focus on AdTech, cookies, … Continue Reading
On August 12, 2019, the Greek Ministry of Justice published the long-awaited, draft legislation for implementing the General Data Protection Regulation (GDPR). Greece and Slovenia are the only two European Union (EU) countries that have not yet implemented the GDPR. As an EU regulation, the GDPR has legally taken effect in every EU country, including … Continue Reading
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan);1 among other things, the CNIL announced that it will issue new cookie guidance later this month and that, once the guidance is published, companies will have a 12-month grace period to come into compliance. Background … Continue Reading
On June 20, 2019, the UK’s Data Protection Authority (ICO) published a report on adtech and real-time bidding. The report highlights the main problems faced by the industry when applying the General Data Protection Regulation’s (GDPR’s) stringent requirements, and calls for further engagement on these issues by the different adtech players in the space. Background … Continue Reading
On May 8, 2019, the Brussels Court of Appeal referred the Belgian Data Protection Authority’s (DPA) case against Facebook to the European Court of Justice (CJEU) to address jurisdictional issues regarding which DPA is competent to bring enforcement actions against Facebook. The case deals with Facebook’s collection of individuals’ data through cookies stored in Facebook’s … Continue Reading
On March 21, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued an opinion (opinion) in the Planet49 case[1] on what constitutes valid consent for cookies under the Data Protection Directive, the GDPR, and the e-Privacy Directive. In particular, the AG opines that: 1) … Continue Reading
On March 20, 2019, WSGR partner Cédric Burton and Of Counsel Lore Leitner hosted a webcast, “Brexit and Its Implications for Data Protection.” In this webcast, Burton and Leitner break down the potential far-reaching effects of the United Kingdom’s pending exit from the European Union on businesses operating in the UK and EU. In this … Continue Reading