European Court Finds Pseudonymized Data is Not Personal Data in the Hands of Recipient That Can’t Re-identify It

On April 26, 2023, the General Court of the European Union issued a ruling in Case T-557/20, SRB v EDPS, finding that pseudonymized data shared by one party with another will not be considered personal data in the hands of the recipient, if the recipient does not have legal means…

Read More

States Race After Utah on Minors’ Privacy Despite Legal Threats

The legislative and regulatory landscape concerning minors’ privacy is becoming increasingly protective, adding new complexity and uncertainty for companies as they navigate a patchwork of requirements. The latest legislative trend aims to regulate use of social media by minors and provide parents with greater control over their children’s social media…

Read More

Takeaways from Washington's Sweeping Health Privacy Bill

On April 27, Washington Gov. Jay Inslee signed into law the state’s sweeping health privacy bill – the My Health Data Act.[1] The act, which establishes a comprehensive privacy framework for entities that do business in the state and that handle consumer health data, will take effect less than a…

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of May 8, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates and Fines On 27 April…

Read More

New EDPB Guidelines on Designation of a Lead Supervisory Authority

On April 17, 2023, the European Data Protection Board (“EDPB”) adopted a final version of the Guidelines for identifying a controller or processor’s lead supervisory authority (“New Guidelines”). This document is an update to the Article 29 Working Party Guidelines (“Old Guidelines”) which were adopted in April 2017 and subsequently…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of April 17, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates On 13 April 2023, the…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of March 27, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates On 16 March 2023, the…

Read More

French Privacy Regulator Fines Apple 8 Million Euros for Ad Targeting Violations

On December 29, 2022, France’s privacy regulator (CNIL) imposed an €8 million fine on Apple. The CNIL found Apple in breach of France’s ePrivacy rules for not obtaining mobile users’ consent prior to reading and depositing Identifiers for Advertising (IDFAs) on those users’ devices. Apple has announced that it intends…

Read More

States Look to Strengthen Protections for Consumer Health Data Post-Dobbs

The Supreme Court’s ruling in the Dobbs Decision, which overturned Roe v. Wade and Casey v. Planned Parenthood and eliminated the constitutional right to an abortion, permitted states to regulate access to abortion services. Since the Supreme Court issued its opinion on June 24, 2022, privacy, consumer and reproductive health…

Read More

The Sequel - Data Protection and Digital Information (No. 2) Bill - Further Divergence?

On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill (the Bill) was presented to the UK Parliament by Michelle Donelan (the secretary of State for Science, Innovation and Technology).  The Bill is designed to reform the UK GDPR, the UK Data Protection Act 2018 and the…

Read More