GDPR

And Then There Were None: Or How Schrems 2.0 May Invalidate the Standard Contractual Clauses and the Privacy Shield

By Jan Dhont, Cédric Burton, Christopher Kuner & Nikolaos Theodorakis on July 8, 2019

On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard Contractual Clauses (SCCs) and the EU-US Privacy Shield. Both of these mechanisms are widely used by companies in the European Economic Area (EEA), which comprises the 28 EU member states plus Iceland, Liechtenstein, and Norway, to allow the transfer of personal data to the United States and other countries outside the EEA.
Continue Reading And Then There Were None: Or How Schrems 2.0 May Invalidate the Standard Contractual Clauses and the Privacy Shield

The ICO Publishes Its Stance on Adtech and Real-Time Bidding

By Cédric Burton, Christopher Olsen, Lore Leitner & Josephine Jay on June 26, 2019

Posted in European Union, Privacy, Regulatory

On June 20, 2019, the UK’s Data Protection Authority (ICO) published a report on adtech and real-time bidding. The report highlights the main problems faced by the industry when applying the General Data Protection Regulation’s (GDPR’s) stringent requirements, and calls for further engagement on these issues by the different adtech players in the space.

Background

When the GDPR became effective on May 25, 2018, it imposed new and strict obligations on companies processing personal data. In the UK, the Privacy and Electronic Communications Regulations (PECR), which implements the EU e-Privacy Directive and will soon be replaced by the e-Privacy Regulation, complements the GDPR requirements. Both the GDPR and PECR govern how data is collected and further processed in the online advertising industry, including requiring notice and a legal basis for processing. The PECR specifically applies to the use of cookies and similar technologies and sets out the rules for consent to use these technologies.Continue Reading The ICO Publishes Its Stance on Adtech and Real-Time Bidding

WSGR Event Recap: Online Advertising and Privacy—An Overview of Global Legal Developments

By Elli Laine & Libby Weingarten on May 28, 2019

Posted in Cybersecurity, Privacy, Regulatory

On May 22, 2019, WSGR and the Future of Privacy Forum (FPF) co-hosted an event focusing on advertising technology and how to overcome the challenges of complying with evolving global privacy requirements.

Jules Polonetsky from FPF opened the program, focusing on the evolution of online advertising, from contextual to programmatic behavioral advertising. WSGR attorneys Lydia Parnes, Cédric Burton, Libby Weingarten, and Lore Leitner discussed the legal regime that applies to this technology: new legal requirements, recent case law, and data protection authorities’ decisions affecting the ad tech ecosystem, as well as the differences between EU and U.S. legislation applying to ad tech.Continue Reading WSGR Event Recap: Online Advertising and Privacy—An Overview of Global Legal Developments

WSGR Event Recap: The State of Play in European Data Protection Law

By Laura Brodahl on May 7, 2019

Posted in Cybersecurity, European Union, Privacy

On May 1, 2019, WSGR convened a panel of regulators and experts to discuss recent developments in European data protection law. The panel, moderated by Cédric Burton, featured Bruno Gencarelli, head of the International Data Flows and Protection Unit of the European Commission, Isabelle Vereecken, head of the Secretariat of the European Data Protection Board (EDPB), and Dr. Christopher Kuner, senior privacy counsel at WSGR.
Continue Reading WSGR Event Recap: The State of Play in European Data Protection Law

Belgian Data Protection Authority Is Up and Running

By Laura Brodahl, Laura De Boel, Jan Dhont & Cédric Burton on April 26, 2019

Posted in European Union, Privacy, Regulatory

On April 25, 2019, the new chairman and the four directors of the new Belgian data protection authority were sworn in before the Belgian Parliament. This marks a new era for data protection law in Belgium.

Background

Following the effective date of the General Data Protection Regulation (GDPR) on May 25, 2018, the Belgian Privacy Commission was restructured into a Supervisory Authority under the GDPR, thus becoming the Belgian Data Protection Authority. It was given new enforcement powers, including the ability to impose fines up to €20 million or 4 percent of total worldwide annual turnover (whichever is higher).Continue Reading Belgian Data Protection Authority Is Up and Running

The French Data Protection Authority Announces Stricter Enforcement

By Cédric Burton, Jan Dhont & Rossana Fol on April 17, 2019

Posted in European Union, Privacy

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda. The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR compliance and make full use of its enforcement powers, including the power to fine.

Background

As of May 25, 2018, the EU General Data Protection Regulation (GDPR) imposes new and strict obligations on companies processing personal data. Most EU privacy regulators adopted a somewhat lenient approach when enforcing the new rules. Beside the €50 million fine against Google in early 2019, the CNIL has not made broad use of its enforcement powers since the GDPR became effective. All in all, 2018 was a transition year to allow companies to bring their practices into compliance.Continue Reading The French Data Protection Authority Announces Stricter Enforcement

The Data Advisor

GDPR

ABOUT OUR DATA, PRIVACY, AND CYBERSECURITY PRACTICE