GDPR fines can contemplate parent group turnover: The story behind the WhatsApp fine

Summary The DPC has fined WhatsApp, an instant messaging app owned by Facebook, €225 million in relation to an investigation into its compliance with transparency obligations under the GDPR. Following intervention from the EDPB, the proposed fine was increased from €30 – €50 million up to €225 million by taking into account the turnover of … Read more

ICO issues draft International Data Transfer Agreement and guidance on undertaking risk assessments for consultation on ensuring compliance for data transfers from the UK

The UK has taken its first big data protection step in a post-Brexit world with the Information Commissioner’s Office (“ICO“) publishing its own version of an international data transfer agreement and accompanying methodology for conducting international risk assessments on 11 August 2021. The ICO has published the following documents, which all inter-relate with one another: … Read more

European Commission publishes final Article 28 clauses

Simultaneous with the European Commission publishing its final standard contractual clauses for the international transfer of personal data (see our blog post here for further information) (the “New SCCs“), they have now published a final set of standalone Article 28 clauses for use between controllers and processors in the EU, also termed ‘standard contractual clauses’ … Read more

ICO PUBLISHES CALL FOR VIEWS ON ANONYMISATION GUIDANCE

Background On 28 May 2021, the Information Commissioner’s Office (“ICO“) published a call for views on the first draft chapter of its anonymisation, pseudonymisation and privacy enhancing technologies draft guidance). This first chapter is part of a series of chapters of guidance that the ICO will be publishing on anonymisation and pseudonymisation and their role … Read more

European Commission publishes final Standard Contractual Clauses

Seven months after the European Commission published its draft new Standard Contractual Clauses for data transfers between EU and non-EU countries (the “Draft SCCs“) for consultation (see our blog post here (the “Draft SCCs Blog“)), they have now published a finalised set of Standard Contractual Clauses (“Final SCCs“) with little fanfare (available here). It should … Read more

EU Commission releases regulatory proposal to increase trust in AI

Key takeaways The European Union Commission released its long awaited proposed regulation of artificial intelligence on 21 April 2021 (see press release here), which sets out a risk-based approach to regulation designed to increase trust in the technology and ensure the safety of people and businesses above all. The regulation has extra-territorial scope meaning that … Read more