CJEU

EDPB Issues Data Transfer FAQs in the Post Privacy Shield Area

By Dr. Viola Bensinger, Gretchen A. Ramos, Carsten A. Kociok & Dr. Johanna Hofmann on July 24, 2020

Posted in Data Privacy & Cybersecurity, European Union, Featured

The Court of Justice of the European Union (CJEU)’s historic decision in Schrems II, in which the EU-U.S. Privacy Shield was invalidated, requires businesses to rethink the mechanism they can rely on to transfer personal data from the EU to the United States and other countries. After several EU data protection authorities (DPAs) published their reactions, the European Data Protection Board (EDPB), an association comprising, inter alia, national DPAs of all EU Member States, presented its guidance in form of an FAQ.

At the time of its publication, the guidance comprises 12 FAQs. It will be updated with further analysis. While the EDPB notes that supplementary measures may be necessary when using standard contractual clauses (SCCs), it fails to specify what that means but promises to provide more guidance in the future. Summarized below are the key takeaways from the EDPB’s guidance.
Continue Reading EDPB Issues Data Transfer FAQs in the Post Privacy Shield Area

The End of Privacy Shield: European Data Protection Authorities React

By Dr. Viola Bensinger, Gretchen A. Ramos, Carsten A. Kociok & Dr. Johanna Hofmann on July 21, 2020

Posted in Data Privacy & Cybersecurity, European Union, Featured

…

European Court of Justice Annuls EU-US Privacy Shield Framework

By Dr. Viola Bensinger, Gretchen A. Ramos, Marijn Bodelier, Luigi Fontanesi, Adam Snukal ^, Alan N. Sutin, Carsten A. Kociok & Darren Abernethy on July 16, 2020

Posted in Data Privacy & Cybersecurity, European Union, Featured, Privacy Legislation

The Court of Justice of the European Union (CJEU) declares invalid a decision of the European Commission which attested that the EU-U.S. Privacy Shield provided adequate protection to personal data transferred from the EU to the U.S., if the receiving party had self-certified its adherence to the Privacy Shield Principles. At the same time, the…

New CJEU Decision on Use of Cookies

By Carsten A. Kociok on October 4, 2019

Posted in Data Privacy & Cybersecurity, EU E-Privacy Directive, European Union

On October 1, 2019 the Court of Justice of the European Union (CJEU) issued a new judgment on the use of cookies which, under the EU E-Privacy Directive, requires users’ informed consent. The court decided that

the cookies consent cannot be obtained by using a pre-ticked consent checkbox; and
information must be provided to users

…

EU Limits Territorial Scope of ‘Right to Be Forgotten’ on the Internet

By Carsten A. Kociok on October 3, 2019

Posted in Data Privacy & Cybersecurity, European Union, Featured, GDPR

On Sept. 24, 2019, the Court of Justice of the European Union (CJEU) decided that the “right to be forgotten” does not require a search engine operator to carry out de-referencing on non-EU member state versions of its search engine.

Background

The case relates to a penalty of €100,000 that the French data protection authority,…

CJEU Finds Website Operators Using Social Media Plugins Are Joint Controllers

By Gretchen A. Ramos & Carsten A. Kociok on July 31, 2019

Posted in Data Privacy & Cybersecurity, European Union, GDPR

On July 29, 2019, the Court of Justice of the European Union (CJEU) found that a website operator using a social media plugin is a joint controller with the social media company providing the plugin and can be held jointly liable in relation to such processing activities. Although the case was decided under…

Data Privacy Dish

CJEU

EDPB Issues Data Transfer FAQs in the Post Privacy Shield Area

The End of Privacy Shield: European Data Protection Authorities React

European Court of Justice Annuls EU-US Privacy Shield Framework

About Greenberg Traurig