It’s too soon to change the GDPR says EDPB

Summary The EDPB has reviewed implementation of the GDPR so far and has declared the first year and a half a success. The EDPB did note areas for improvement, including the impact of implementation on SMEs and issues with cooperation across different jurisdictions. However, notwithstanding these difficulties, the EDPB considers that it would be premature … Read more

Could the UK move away from GDPR to help foster innovation?

Publicly the UK government is pursuing an adequacy decision from Europe regarding data protection and privacy regulations, but recent comments from ‘Number 10’ could be interpreted as saying the UK may be comfortable pursuing a different privacy path to the EU from the end of December 2020. The issue is about more than making changes … Read more

International Data Privacy Day: Our predictions for 2020

What better day than today, International Data Privacy Day, to explore what 2020 is likely to have in store for data and privacy? Almost two years ago the EU General Data Protection Regulation (GDPR) thrust data and privacy issues firmly in the spotlight, where they remain. With attention having shifted from guidance to enforcement, this article … Read more

Protecting your company’s critical resource: Is your company PDPA ready?

Data has been labeled the world’s most valuable resource in our current digital economy.  It is the lifeblood of many companies, especially those in the technology, media and telecommunications sector where data is often ­used to predict, analyse and respond to consumers’ behaviours, patterns and preferences for services and products.  Capabilities to collect and analyse … Read more

EDPB Adopts Final Guidelines on GDPR Extra-territoriality

Almost exactly a year after publishing its draft version, the EDPB has adopted its final guidelines on Article 3 of the GDPR and the extra-territorial scope of the legislation. The adopted guidelines don’t differ substantially from the consultation draft but include a number of clarifications and new examples. Some of the key takeaways are: Article … Read more

Facial Recognition Technology and Data Protection Law: the ICO’s view

The Information Commissioner’s Office in the UK (ICO) has announced an investigation into the use of facial recognition technology following a string of high profile uses. Prior to the results of this investigation, companies using facial recognition technology should: undertake a balancing test to ensure proportionality in the use of such technology, acknowledging its intrusiveness; … Read more

CALCULATION GUIDELINES ON GDPR FINES IN GERMANY

In our latest report, we informed you about new developments regarding imposed sanctions by Data Protection Authorities (“DPA”) in Germany and Austria and about a model for calculating fines imposed under the General Data Protection Regulation (“GDPR”) proposed by the Conference of the German “Independent Data Protection Supervisory Authorities of the Federal Government and the … Read more

Joint controller relationships – more prevalent than previously thought? Article published in Privacy and Data Protection Journal

The Privacy and Data Protection Journal has published an article by Duc Tran (Senior Associate) and Laura Adde (Associate) of our Digital TMT, Sourcing & Data and Cyber Security teams. The article examines the concept of “joint controllership” in light of recent case law and existing legislative guidance. Please click here to access the full … Read more