Alston & Bird Privacy, Cyber & Data Strategy Blog

Data Protection

EU Releases Amendments to Model Clause and Country-Whitelisting Decisions – with Good News for Companies

By

Most privacy professionals are familiar with the European Court of Justice’s 2015 Schrems decision, which struck down the US-EU Safe Harbor mechanism.  One lesser-discussed aspect of the ECJ’s decision related to the powers of Data Protection Authorities (DPAs) within the EU’s Member States.  In the Schrems proceedings, the Irish Data Protection Commission argued that it […]

German DPAs to Survey Transfers in 500 Companies – with English Translation of DPA Questionnaire

By

Late last week, 10 of Germany’s 17 Data Protection Authorities (DPAs) announced they are planning to send written questionnaires to approximately 500 different companies regarding international data transfers.  The following provides a brief overview of the situation, as well as an English translation of the questionnaire, for companies who are potentially affected. This summary refers […]

EU-U.S. Privacy Shield Faces Judicial Attack

By

The EU-U.S. Privacy Shield (“Privacy Shield”) is already under challenge before the European courts, after having been approved only some months ago by the European Commission (“EU Commission”). The European courts’ website records that an action for annulment has been brought by Digital Rights Ireland, the privacy and digital rights advocacy organization, before the General […]

The French Digital Republic Act: the New Powers of the French Data Protection Authority and Enhanced Rights of Individuals

By

On October 7, the French Digital Republic Act (the “Act”) was adopted following a widely-publicized consultation process.  The Act amends the French Data Protection Act, and also modifies French law in various domains, including consumer protection, electronic payment services, medical research, and intellectual property. The Act constitutes a first step in the implementation of the […]

ECJ Declares IP Addresses are Personal Data

By

Today, the European Court of Justice (ECJ) issued its long-awaited decision in Breyer v. Germany.  Breyer addresses the question of whether IP addresses are “personal data” for purposes of EU data protection law.  As is widely known, personal data is any information that would permit a particular individual to be identified, whether directly or in […]