DLA Piper GDPR fines and data breach survey: January 2021

This year has been extraordinary in many different ways.  The third annual DLA Piper GDPR fines and data breach survey which we launched today reflects how the current circumstances have affected the privacy landscape across the 31 European countries surveyed.  The report includes key GDPR metrics compiled from data from the 27 EU Member States …

DLA Piper GDPR fines and data breach survey: January 2021 Read More »

Belgium: Digital fingerprints on ID cards – no violation of the right to privacy according to the Belgian Constitutional Court

Heidi Waem, Emma Stockman On 14 January 2021, the Belgian Constitutional Court delivered a highly anticipated judgment on the legality of the integration of the digital format of two fingerprints in ID cards, introduced through Article 27 of the Belgian law of 25 November 2018. After a balancing of interests, the Court ruled that the …

Belgium: Digital fingerprints on ID cards – no violation of the right to privacy according to the Belgian Constitutional Court Read More »

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

Data Subject Access Requests – no unqualified right to documents In an important decision[1] for any business with a retail customer base, the High Court of England and Wales dismissed a claim against a bank for allegedly failing to provide an adequate response to the Claimant’s data subject access request (“DSARs”), highlighting the robust approach …

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused Read More »

European Commission proposes reinforcement of EU Cybersecurity rules

Authors: Raf Schoefs, Simon Verschaeve, Laetitia Mouton On 16 December 2020, the European Commission adopted a proposal for a Directive on measures for a high common level of cybersecurity across the Union (“NIS II Directive”) that revises the current Directive on Security of Network and Information Systems (“NIS Directive”). As part of its new EU Cybersecurity …

European Commission proposes reinforcement of EU Cybersecurity rules Read More »

Brexit: Final arrangements for 1 January and future EU-U.K. data transfers

The Brexit trade deal has now has been agreed between the EU and UK. Here we summarise the implications for data protection including the important issue of cross-border data flows, which are critical for businesses to maintain between the EU and UK. Legal Framework UK data protection law has historically been governed by the General …

Brexit: Final arrangements for 1 January and future EU-U.K. data transfers Read More »

DLA Piper comments on EDPB recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

On 10 November 2020, the European Data Protection Board (“EDPB”) adopted its recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. These recommendations were open for public consultation until 21 December 2020. DLA Piper has submitted comments on these recommendations which are available here.

Belgium: New collaboration agreement between the Belgian Data Protection Authority and DNS Belgium

Authors: Heidi Waem, Frederik Ringoot, Alizée Stappers On 26 November 2020, the Belgian Data Protection Authority (BDPA) entered into a collaboration agreement with DNS Belgium, an association responsible for the registry of .be domain names. The agreement enables DNS to suspend or even delete .be websites involved in (alleged) data protection infringements, on simple request …

Belgium: New collaboration agreement between the Belgian Data Protection Authority and DNS Belgium Read More »

Belgium: Class Actions in Belgium – the next level in GDPR enforcement

Authors: Heidi Waem, Simon Verschaeve Many organisations tend to look at the activity of the supervisory authorities to assess enforcement risk related to their data processing activities. Although still a meaningful indicator, data breaches, unlawful data sharing activities as well as any other data protection infringements can also trigger an alternate enforcement track which might …

Belgium: Class Actions in Belgium – the next level in GDPR enforcement Read More »

Europe: Cookies – heavy Sanction by the CNIL in France For Google LLC and Google Ireland

On December 7 2020, the French Supervisory Authority (CNIL) sanctioned Google LLC (60 million EUR) and Google Ireland (40 million EUR) for installing advertising cookies on users devices without their prior consent and with proper information. In addition, the CNIL issued an injunction to inform properly the users of google.fr in compliance with Article 82 …

Europe: Cookies – heavy Sanction by the CNIL in France For Google LLC and Google Ireland Read More »

Asia-Pacific: Navigating Asia-Pacific data breach notification requirements

Data breach notification obligations throughout Asia-Pacific are in a state of flux, with several jurisdictions either introducing new requirements or updating their existing regimes in late 2020 and 2021. Against this backdrop, the number of cyber incidents reported continues to grow year-on-year, as increasingly sophisticated threat actors look to take advantage of the disruption caused …

Asia-Pacific: Navigating Asia-Pacific data breach notification requirements Read More »

European Law on Cookies Guide

A recent focus towards the law on cookies in Europe by the courts regulators has highlighted the different approaches to the interplay between the GDPR and ePrivacy, and indeed the interpretation of the ePrivacy Directive more generally. Two major recent cases (Fashion ID (c-40-17) and Planet49 (c-673/17)) highlight the importance of cookies compliance in  Europe, …

European Law on Cookies Guide Read More »

European Commission proposes new data governance measures for EU data sharing

On 25th November, the European Commission published its proposal for a Regulation on European Data Governance (the Data Governance Act) (“the DGA”). The proposed DGA (which will be directly applicable in all Member States), aims to strengthen data sharing mechanisms across the EU and between sectors. In particular, the European Commission recognises that businesses often …

European Commission proposes new data governance measures for EU data sharing Read More »

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘GDPR’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR? Is …

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities Read More »

US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

As the business community takes stock of (and impatiently waits for) 2020 election results, it should place particular significance on the passage of Proposition 24, the California Privacy Rights Act (CPRA) by about a 12 percent margin. The CPRA makes significant changes to the California Consumer Privacy Act (CCPA), which was originally passed by the …

US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act Read More »

International: Data protection compensation claims, Webinar, 2 December 2020

Data protection compensation claims are on the rise. Buoyed by front page press coverage of high profile data incidents, claims management companies and lawyers are looking to develop their practices in this area and are actively seeking out individuals who may have been affected. But it is not just the headline grabbing incidents that challenge …

International: Data protection compensation claims, Webinar, 2 December 2020 Read More »

Europe: European Commission publishes draft updated Standard Contractual Clauses

On 12 November, the European Commission published its long awaited updated draft Implementing Decision on standard contractual clauses (“SCCs”) for the transfer of personal data to third countries.  The update to the SCCs has been expected for some time to address the entry into force of the General Data Protection Regulation (“GDPR”) in May 2018, …

Europe: European Commission publishes draft updated Standard Contractual Clauses Read More »

Europe: EDPB issues Recommendations on Supplementary Measures and European Essential Guarantees for surveillance measures following Schrems II

On 11 November, the European Data Protection Board (“EDPB”) published recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (“Recommendations”) as well as recommendations on the European Essential Guarantees for surveillance measures (“EEGs”). Both documents were adopted during the EDPB’s 41st plenary session and are …

Europe: EDPB issues Recommendations on Supplementary Measures and European Essential Guarantees for surveillance measures following Schrems II Read More »

Australia: Privacy Act Review

The Terms of Reference (ToR) and Issues Paper for the long-awaited review (Review) of the Privacy Act 1988 Cth (Act) has finally been released by the Government (AG’s Department). A commitment to review the Act was first announced by the Government following the ACCC’s Digital Platform Enquiry in 2018/19, and it is good to see …

Australia: Privacy Act Review Read More »

China: New draft national, harmonised data protection law for Mainland China

By Carolyn Bigg, Venus Cheung, Fangfang Song A first national level personal information protection law for Mainland China has been published, reinforcing and heightening existing data protection compliance obligations for organisations doing business in China. Compliance obligations previously considered recommended practice will now become binding law, and new compliance steps – including some registrations with …

China: New draft national, harmonised data protection law for Mainland China Read More »