We previously posted on yesterday’s Schrems II decision issued by the Court of Justice of the European Union (CJEU). Today (Jun 17, 2020), the Berlin data protection authority (Berlin DPA) went even further than the CJEU opinion, issuing a statement on the Schrems II case, calling for Berlin-based data controllers storing personal data in the
On July 16, 2020, the Court of Justice of the European Union (“CJEU” or “Court”) issued a significant judgment in Case C-311/18 (“Schrems II decision”) on the adequacy of protection provided by the EU-US Data Protection Shield. The court concluded that the Standard Contractual Clauses (“SCCs”) issued by the European Commission for the transfer of
Yesterday (May 20, 2020), Apple and Google launched software that will allow public health authorities to create mobile applications that notify people when they may have come in contact with people who have confirmed cases of COVID-19, while purportedly preserving privacy around identifying information and location data. People who have updated
According to a Bloomberg article posted earlier this morning, the U.S. Health and Human Services Department (“HHS”) suffered a cyber attack on its computer systems Sunday night. The attack appears to have been intended to slow the agency’s systems, but was unable to do so in any meaningful way. Just before midnight, the National Security
On December 6, 2019, the FTC issued an opinion finding that Cambridge Analytica, they had engaged in deceptive practices to collect personal information from several users of Facebook for purposes of voter profiling and targeting. In addition, the Commission found that Cambridge Analytica had engaged in deceptive practices regarding its participation in the EU-US Privacy
This last week saw significant compliance and enforcement activity with respect to both GDPR and the FTC. Specifically, we saw two significant GDPR fines handed down by the UK Information Commissioner’s Office (ICO) against British Airways (approx. $230 million) and Marriott International (approx. $130 million). In addition, Facebook settled with the FTC for the largest
*written with assistance from co-author and W&L law student, Isabella Gray.
On May 28, 2019, the Cyberspace Administration of China (“Cybersecurity Administration”) released a set of draft Measures for Data Security Management (the “Draft Measures”). The Draft Measures provide articles governing how network operators, defined as someone who owns and administrates a network or a
On January 21, 2019, the French Data Protection Authority, the Commission Nationale de L’Informatique et de Libertés (“CNIL”) announced a sanction of 50 million euros against Google. On May 25 and 28, 2018, the CNIL received complaints from two different associations, asserting that Google did not have a valid legal basis for the processing of
On January 28, 2017, as part of Data Privacy Day, Facebook shared its data privacy principles for the first time. In a blog post drafted by Erin Egan, Facebook’s Chief Privacy Officer, Facebook posted these principles to help users understand how data is used and managed on the site. Among other things, Facebook’s data privacy
With the May 25, 2018 deadline quickly approaching, many businesses are scrambling to prepare for compliance with the EU’s General Data Protection Regulation (GDPR), and questions and conversations are heating up. Still others are still trying to wrap their arms around what GDPR is and what it means for U.S. businesses. For those of you
