Tagged as: GDPR

European Court Finds Pseudonymized Data is Not Personal Data in the Hands of Recipient That Can’t Re-identify It

On April 26, 2023, the General Court of the European Union issued a ruling in Case T-557/20, SRB v EDPS, finding that pseudonymized data shared by one party with another will not be considered personal data in the hands of the recipient, if the recipient does not have legal means…

Read More

New EDPB Guidelines on Designation of a Lead Supervisory Authority

On April 17, 2023, the European Data Protection Board (“EDPB”) adopted a final version of the Guidelines for identifying a controller or processor’s lead supervisory authority (“New Guidelines”). This document is an update to the Article 29 Working Party Guidelines (“Old Guidelines”) which were adopted in April 2017 and subsequently…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of April 17, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates On 13 April 2023, the…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of March 27, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates On 16 March 2023, the…

Read More

French Privacy Regulator Fines Apple 8 Million Euros for Ad Targeting Violations

On December 29, 2022, France’s privacy regulator (CNIL) imposed an €8 million fine on Apple. The CNIL found Apple in breach of France’s ePrivacy rules for not obtaining mobile users’ consent prior to reading and depositing Identifiers for Advertising (IDFAs) on those users’ devices. Apple has announced that it intends…

Read More

The Sequel - Data Protection and Digital Information (No. 2) Bill - Further Divergence?

On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill (the Bill) was presented to the UK Parliament by Michelle Donelan (the secretary of State for Science, Innovation and Technology).  The Bill is designed to reform the UK GDPR, the UK Data Protection Act 2018 and the…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of February 27, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates In October 2020, the ICO…

Read More

EU/UK Privacy & Cybersecurity News Roundup – Week of February 20, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. Case Law Updates Politico reports that the European…

Read More

EU/UK Privacy & Cybersecurity News Roundup - Week of February 13, 2023

Data privacy case law and legislation is constantly updated in the United Kingdom and European Union to address key issues. In order to track the latest developments, we have set out a brief overview of case law updates, legislation, guidance and news. In brief, there have been a two recent…

Read More

European Top Court Confirms Companies Need to Name “Recipients” of Personal Data When Responding to Access Requests, Not Just Categories

On January 12, 2023, the Court of Justice of the European Union (“CJEU”) ruled in case C-154/21 | Österreichische Post AG that controllers must provide the specific identity of any “recipient” of personal data in response to a GDPR access request. While the GDPR itself states that controllers may inform…

Read More