In August 2020, privacy activist organization NOYB – European Center for Digital Rights filed 101 complaints with the EU Supervisory Authorities (‘SAs’) in connection with the transfer of personal data from Europe to the U.S., by companies that had implemented “Google Analytics” and “Facebook Business Tools” on their websites. Following these complaints, the European Data […]
EU Supervisory Authorities Clarify Breach Notification Requirements
Background On April 4th, 2023, the European Data Protection Board (‘EDPB’), which is composed of representatives of the EU national supervisory authorities and the European Data Protection Supervisor (‘EDPS’), published an updated version of the Working Party 29 Guidelines on personal data breach notification under the EU General Data Protection Regulation (‘GDPR’). The EDPB had […]
The EU Supervisory Authorities’ Coordinated Enforcement Action in the EU: This Year It’s All About DPOs
On March 15, 2023, the European Data Protection Board (“EDPB”) – the body through which the EU Member States’ Supervisory Authorities cooperate – along with 26 EU Supervisory Authorities officially launched a “coordinated enforcement action”, focusing on the designation of Data Protection Officers (“DPOs”) under the EU GDPR, and the position that DPOs hold in […]
European Commission Takes Significant Step Towards New Solution for Transatlantic Transfers of Personal Data
What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the EU-U.S. Privacy Shield (“Privacy Shield”), which was struck down by Court of Justice of the European Union in the Schrems […]
EU Standard Contractual Clauses (SCCs) Deadline is Looming
Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already). WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows companies that want to transfer personal data protected by the GDPR to third countries outside the EU/EEA to do […]