The Article 29 Working Party (“WP29”) recently issued an opinion that discusses the processing of employee personal information (Opinion 02/2017). WP29 focuses on the use of new technologies by employers and assesses requirements in light of the upcoming General Data Protection Regulation (“GDPR”). Consent and legal bases to process personal information The WP29 has historically […]
EU Data Protection
Facebook Fined for WhatsApp Data Linking Fallout
On 18 May 2017, the European Commission (“Commission”) fined Facebook €110 million ($122 million) for misrepresentations made in its application for competition clearance of the company’s acquisition of WhatsApp. In its merger application, Facebook claimed that it would be unable to automatically match Facebook users’ accounts and WhatsApp users’ accounts for marketing and other purposes. […]
Swire Discusses European Data Economy at European Political Strategy Centre Policy Hearing
Peter Swire, Alston & Bird Senior Counsel and Nancy J. and Lawrence P. Huang Professor of Law and Ethics at the Georgia Institute of Technology’s Scheller College of Business, recently participated in a policy hearing held by the European Political Strategy Centre, the in-house think tank of the European Commission. Swire joined five other experts […]
French CNIL Releases GDPR Compliance Toolkit
On March 15, 2017, the French data protection authority (CNIL) released its six step- GDPR compliance program together with GDPR-tailored templates for use by companies, the “GDPR Toolkit.” The GDPR Toolkit is helpful for companies because it provides guidance that companies may directly include in their privacy programs. Companies with sophisticated privacy programs may also […]
Working Party welcomes the draft ePrivacy Regulation, yet expresses grave concerns
The Working Party recently issued its first Opinion for 2017, focusing on the EU Commission’s proposed ePrivacy Regulation (WP 247, Opinion 01/2017). The Commission’s proposal, which was published in January this year, aims to modernize the existing ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) which concerns the protection of personal data in the context of […]