Tagged as: GDPR

New EU Rules for Data Access and Sharing: What You Need to Know

On February 23, 2022, the European Commission published its proposal for a Regulation on Harmonized Rules on Fair Access to and Use of Data (“Data Act”), which focuses on data generated by Internet of Things (“IoT”) devices. The aim of the Data Act are to create a single market for…

Read More

UK Government Issues Response to its Data Reform Consultation

On June 17, 2022, the UK Government’s Department for Digital, Culture, Media and Sport (“DCMS”) issued a final response (“Response”) to the consultation, ‘Data: a new direction’ (“Consultation”), which launched on September 10, 2021, to receive input from stakeholders on the DCMS proposals to reform the UK’s data protection regime….

Read More

French Data Protection Authority Fined Medical Software Provider for GDPR Violations

On April 21, 2022, France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), announced its decision to fine medical software company Dedalus Biologie €1.5 million following a data breach that exposed health information of nearly 500,000 people. The CNIL noted the company violated several GDPR obligations,…

Read More

New Data Protection Rights Coming Soon to Saudi Arabia – Just Not as Soon as Expected

The Kingdom of Saudi Arabia (“Saudi Arabia” or the “Kingdom”) has enacted the Personal Data Protection Law (“PDPL”), the country’s first comprehensive data protection law. The PDPL was scheduled to become effective on March 23, 2022 but full implementation was recently delayed until March 17, 2023, a positive development for…

Read More

UK Data Transfer Mechanism Comes Into Force

The International Data Transfer Agreement (“IDTA”), the long awaited mechanism for international transfers of personal data originating from the United Kingdom (“UK”), is now in force as of March 21, 2022, along with a separate addendum to the EU standard contractual clauses (“UK Addendum”). These transfer mechanisms were introduced by…

Read More

Use of Google Analytics by EU Websites Violates GDPR

Introduction On 13 January 2022, the Austrian Data Protection Authority (“DSB“) ruled that the use of Google Analytics (“GA”) and the resulting export of personal data to the United States (“US”) violates the GDPR’s data export requirements. On 10 February 2022 the French data protection authority (“CNIL”) also confirmed that…

Read More

The Princeton University Data Access Research: A Timely Reminder to Revisit Data Subject Request Processes

Update: Since going live with the below, the EDPB has published its draft guidelines addressing key aspects of a data subject’s right of access.  More to follow soon. Last month, a large number of EU and US companies received queries about their data access request procedures under the General Data Protection…

Read More

Approaching Deadline for Data Controller Registration and Representation Requirements in Turkey

Data controllers processing personal data in Turkey must register with the Turkish Data Controllers Registry, “VERBIS”, to notify the Turkish Data Protection Authority (“DPA”) of their processing activities by 31 December 2021, under penalty of a fine. In addition, data controllers not established in Turkey (“foreign controllers”) will need to…

Read More

EDPB Defines a "Transfer" Under the GDPR

On 18 November 2021 the European Data Protection Board (“EDPB”) released its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”) for public consultation.  The Guidelines clarify one of the most vexing issues in…

Read More

EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR: Another New Set of SCCs Seen

The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…

Read More

12