Tag Archives: GDPR

Draft EDPB Guidelines Clarify the Roles of Parties Processing Personal Data and Call for Detailed Data Processing Agreements

On September 7, 2020, the European Data Protection Board (EDPB) published draft guidelines (Guidelines) intended to clarify the roles of the parties processing personal data and when they are operating as controllers, joint controllers, or processors under the EU General Data Protection Regulation (GDPR).… Continue Reading

EDPB Issues Guidelines on Social Media Targeting Under GDPR

On Monday September 7, 2020, the European Data Protection Board (EDPB) issued draft Guidelines 8/2020 on the targeting of social media users (the “Draft Guidelines”). The Draft Guidelines have far-reaching implications for social media platforms, advertisers, and adtech companies, as they will result in a clarification of the roles and responsibilities of the key stakeholders, and establish … Continue Reading

EDPB Adopts Updated Consent Guidance

On May 4, 2020, the European Data Protection Board (EDPB) adopted new guidelines (the guidelines) regarding the use of consent as a legal basis for processing personal data under the General Data Protection Regulation (GDPR).[1] The guidelines update and replace the Article 29 Working Party’s April 2018 guidance on the same topic. The guidelines remain … Continue Reading

Non-EEA Based Vendors Caught by GDPR’s Long-Arm Provisions

The General Data Protection Regulation (GDPR) does not just impact companies located in the European Economic Area (EEA). It has a “long-arm” provision which may subject foreign companies to its jurisdiction. There is a fair amount of uncertainty regarding how this provision may be applied. The European Data Protection Board (EDPB) has recently issued updated … Continue Reading

EU Privacy Regulators Issue Draft Guidelines on Connected Vehicles and Mobility Applications

On February 7, 2020, the European Data Protection Board (EDPB) published draft guidelines on the processing of personal data in the context of connected vehicles and mobility related applications. If adopted in their current form, the draft guidelines will have far-reaching consequences for connected vehicles and mobility applications that operate in Europe. They contain detailed interpretations of … Continue Reading

On the Final Publication of the Danish Standard Contractual Clauses for Vendor Agreements: A New Standard?

On December 10, 2019, the Danish Supervisory Authority (SA) published its final version of Standard Contractual Clauses (SCCs) that data controllers and processors may use to satisfy the General Data Protection Regulation (GDPR) obligation to enter into a data processing agreement. The Danish SCCs have been reviewed and approved by the European Data Protection Board … Continue Reading

CJEU Advocate General Confirms Validity of EU Data Transfer Tools

On December 19, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued his opinion in Schrems II[1] (the opinion). Wilson Sonsini previously covered the key points of the opinion in our Alert of December 20 and now provides a more detailed analysis in this … Continue Reading

Update: UK’s Age Appropriate Design Code

On January 21, 2020, the Information Commissioner’s Office (ICO) published its final version of its Age Appropriate Design Code of Practice (the code). The code will be submitted to Parliament in the coming days, and, assuming there is no objection, will become effective approximately two months later. This blog post follows our previous update on … Continue Reading

European Privacy Landscape: What to Expect in 2020

The year 2020 promises to be an interesting one for privacy and data protection in Europe. In this post, we highlight four of the most important developments to watch this year: 1) we expect that European Union (EU) regulators will ramp up GDPR enforcement across the board, and with a particular focus on AdTech, cookies, … Continue Reading

Greece Publishes Draft Legislation for Implementing GDPR

On August 12, 2019, the Greek Ministry of Justice published the long-awaited, draft legislation for implementing the General Data Protection Regulation (GDPR). Greece and Slovenia are the only two European Union (EU) countries that have not yet implemented the GDPR. As an EU regulation, the GDPR has legally taken effect in every EU country, including … Continue Reading

Website Operator Jointly Liable for Data Collection and Transmission Through Facebook “Like” Button

On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through social media buttons and other embedded plugins. Although the ECJ found the operator and plugin provider to be jointly liable, the court placed the … Continue Reading

The CNIL Announces Its 2019-2020 Action Plan on Ad Targeting

On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan);1 among other things, the CNIL announced that it will issue new cookie guidance later this month and that, once the guidance is published, companies will have a 12-month grace period to come into compliance. Background … Continue Reading

Massive GDPR Fine Proposed by UK ICO Confirms Trend of Increased Focus on EU Data Breaches

On July 8, 2019, the UK Information Commissioner’s Office (ICO) announced its intention to fine British Airways GBP 183.39 million over a data breach in which the personal data of approximately 500,000 customers was compromised.[1] If made final, the fine—equivalent to approximately U.S. $230 million—would be the biggest fine ever issued by the ICO as … Continue Reading

And Then There Were None: Or How Schrems 2.0 May Invalidate the Standard Contractual Clauses and the Privacy Shield

On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard Contractual Clauses (SCCs) and the EU-US Privacy Shield. Both of these mechanisms are widely used by companies in the … Continue Reading

The ICO Publishes Its Stance on Adtech and Real-Time Bidding

On June 20, 2019, the UK’s Data Protection Authority (ICO) published a report on adtech and real-time bidding. The report highlights the main problems faced by the industry when applying the General Data Protection Regulation’s (GDPR’s) stringent requirements, and calls for further engagement on these issues by the different adtech players in the space. Background … Continue Reading

WSGR Event Recap: Online Advertising and Privacy—An Overview of Global Legal Developments

On May 22, 2019, WSGR and the Future of Privacy Forum (FPF) co-hosted an event focusing on advertising technology and how to overcome the challenges of complying with evolving global privacy requirements. Jules Polonetsky from FPF opened the program, focusing on the evolution of online advertising, from contextual to programmatic behavioral advertising. WSGR attorneys Lydia … Continue Reading

WSGR Event Recap: The State of Play in European Data Protection Law

On May 1, 2019, WSGR convened a panel of regulators and experts to discuss recent developments in European data protection law. The panel, moderated by Cédric Burton, featured Bruno Gencarelli, head of the International Data Flows and Protection Unit of the European Commission, Isabelle Vereecken, head of the Secretariat of the European Data Protection Board … Continue Reading

Belgian Data Protection Authority Is Up and Running

On April 25, 2019, the new chairman and the four directors of the new Belgian data protection authority were sworn in before the Belgian Parliament. This marks a new era for data protection law in Belgium. Background Following the effective date of the General Data Protection Regulation (GDPR) on May 25, 2018, the Belgian Privacy … Continue Reading

The French Data Protection Authority Announces Stricter Enforcement

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda. The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR … Continue Reading

CJEU Advocate General Opinion Calls for Active and Separate Cookie Consents

On March 21, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued an opinion (opinion) in the Planet49 case[1] on what constitutes valid consent for cookies under the Data Protection Directive, the GDPR, and the e-Privacy Directive. In particular, the AG opines that: 1) … Continue Reading

Brexit and Its Implications for Data Protection

On March 20, 2019, WSGR partner Cédric Burton and Of Counsel Lore Leitner hosted a webcast, “Brexit and Its Implications for Data Protection.” In this webcast, Burton and Leitner break down the potential far-reaching effects of the United Kingdom’s pending exit from the European Union on businesses operating in the UK and EU. In this … Continue Reading

EDPB Opinion on Consent and Legal Basis in Clinical Trials

On January 23, 2019, the European Data Protection Board (EDPB) issued an opinion (Opinion) on the interplay between the Clinical Trial Regulation (CTR) and the General Data Protection Regulation (GDPR), an issue which has been the subject of intense debate and that resulted in a draft, and still non-public, FAQ prepared by the EU Commission. … Continue Reading
LexBlog

We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree