On January 14, 2020, the French data protection authority (CNIL) launched a public consultation on its draft recommendations for the collection of consent in the context of cookies and other tracking technologies (the ‘draft Recommendations’). Under EU ePrivacy rules, such technologies generally may not be placed on – or accessed from – users’ devices without […]
EU Privacy
Schrems 2.0: Standard Contractual Clauses Declared Valid by EU Advocate General
The Advocate General’s Opinion of December 19, 2019 deemed valid the Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. Currently, many companies rely on SCCs as a mechanism for transferring personal data from the EU to non-EU countries in compliance with the GDPR. […]
Senior Privacy, Cybersecurity Partner Wim Nauwelaerts Joins Alston & Bird
Alston & Bird has strengthened its global platform for advising on EU and international data protection with the addition of senior privacy and cybersecurity attorney Wim Nauwelaerts as partner in the firm’s Brussels office. Arriving from Sidley Austin LLP, Nauwelaerts is a veteran privacy and cybersecurity attorney with more than 20 years’ experience. Nauwelaerts advises […]
EU Ethics Guidelines For AI Are Just The Beginning
As previously discussed on the Alston & Bird Privacy Blog, the European Commission High-Level Expert Group on Artificial Intelligence released on April 8, 2019 the final version of its Ethics Guidelines for Trustworthy AI. The Guidelines, although not legally binding, are important because they represent the first significant government-initiated effort to influence the use of […]
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration
As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users. The amount […]