On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns […]
Privacy
Colorado Becomes the Third State to Adopt a General Privacy Law
On July 7, Colorado became the third state behind California and Virginia to adopt a comprehensive privacy law when Governor Jared Polis signed the Colorado Privacy Act into law. The CPA contains many similarities to the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act, as amended by the California Privacy Rights […]
Alston & Bird Publishes 10 Key Takeaways from the New Standard Contractual Clauses
As highlighted by this blog on Friday, the European Commission has published long-awaited Standard Contractual Clauses (SCCs). These represent the first updates to the SCCs in over a decade, with the last updates having been made in 2010. Alston & Bird partner Wim Nauwelaerts has now published an advisory titled “10 Key Takeaways from the […]
The GDPR Reaches the US Supreme Court in Cert Petition
The EU’s General Data Protection Regulation (GDPR) has been raised in a petition for certiorari before the US Supreme Court, apparently for the first time since the GDPR entered into application in 2018. A party in Vesuvius USA Corp. v. Phillips has filed a petition for certiorari in a GDPR-related discovery dispute. Of course, since […]
European Commission Adopts Draft UK Adequacy Decision
On February 19, 2021, the European Commission adopted a draft ‘adequacy decision’ in favor of the UK. The adoption of the draft adequacy decision marks the first step in ensuring the continued free flow of personal data from EEA countries to the UK under the EU GDPR. Once (and if) the final adequacy decision is […]