Category Archives: GDPR

Lessons Learned From The Greek Supervisory Authority’s PwC Decision on Employee Data Under GDPR

On 26 July 2019, the Greek Supervisory Authority (SA) found Pricewaterhouse Coopers (“PwC”) not compliant with the General Data Protection Regulation (GDPR) in relation to the processing of its Greek employees’ personal data. The SA issued a €150,000 fine and an injunction requiring PwC to take measures to comply within three months (which it has apparently done). A summary of the decision in English is available on the Greek SA’s website.… More

Watch: Cybersecurity Regulation and Enforcement

As data breaches are seemingly reported on a daily basis, cybersecurity has emerged as a top enforcement priority for federal and state regulators and a key concern for companies of all sizes in a diverse range of industries. For example, compliance with federal cybersecurity regulations is required by nearly every government contract and the New York Division of Financial Services adopted a vast set of regulations that is applicable to all entities operating under NYDFS licensure.… More

Data Scraping, at Home and Abroad

Data scraping is a technique where information on one platform is exported onto another.  The practice is widespread and is used for all sorts of reasons, like market analysis or advertising.  The kind of information located and extracted is as varied as the kind of information that exists on the internet–which is to say, anything and everything–but where it becomes particularly interesting is when personal information is being scraped.… More

Colin Zick and Chris Hart to Speak at MassTLC Policy and CyberMA Seminar

New Trends in Data Privacy: GDPR, CCPA and Beyond

Changes to data privacy laws and regulations continue to happen at a rapid clip. Join Foley Hoag’s Colin Zick and Chris Hart for a question and answer discussion about recent GDPR enforcement actions, the latest status on the California Consumer Privacy Act, recent changes to the Massachusetts data breach statute, and what other changes are in store nationally and internationally in the world of privacy and data security.… More

Happy Birthday, GDPR!

Dear GDPR,

Before you were born, you already attracted a lot of attention; after all, not everyone is born over two years after they are conceived and has 28 parents!  And your parents had to resist enormous pressure from people who predicted that once you were born, you would be a nightmare. Well, now that you have been in this world for one year,… More

Partner Colin Zick Speaks to Bloomberg Law on Why Companies Are Anxious for a Federal Move on Privacy

Bloomberg Law interviewed partner Colin Zick as part of a Special Report on how businesses are adjusting to recent data and privacy rules. Zick discusses why companies should be prepared to deal not only with GDPR requirements, but also a patchwork of state laws that may carry compliance requirements as well.

“We’re in the midst of a large public policy debate about what we’re going to do when it comes to data privacy laws,”… More

The Paris District Court Invalidates 38 Clauses of Google+ Terms of Use and Privacy Policy

It has been rough weather for Google in France. Three weeks after the French Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande Instance”) invalidated 38 clauses of Google’s Privacy Policy and Terms of Use for Google+, the Internet-based social media network owned and operated by Google.  This decision was rendered on February 12,… More

Webinar on April 24 – GDPR: Lessons Learned from the First Year

It’s been nearly a year since the GDPR became enforceable. Now that the dust has settled, it is time to look back and see how and by whom these rules have been enforced. Foley Hoag will present a 60-minute webinar on Wednesday, April 24 at 11:00 am EDT that discusses the impact the rules have had on businesses.

In addition to learning the lessons of this past year,… More

Join us March 27: Legal and Technical Perspectives on Data Privacy and Security

Taking stock of the current privacy and security environment is critical. The legal world around data privacy continues to shift and the technical challenges to solving data security needs continue to increase in complexity.

Join Foley Hoag’s Chris Hart and Rapid7’s Jeremiah Dewey for a conversation about understanding and meeting today’s data privacy and security challenges. They will discuss the following:

  • What does the current threat environment look like?…

Blockchain and Data Privacy (Lex Mundi Series)

Editors’ Note: The following article was originally published as part of Lex Mundi’s Blockchain Whitepaper Series, which you can find here.

What data privacy concerns should practitioners have relating to blockchain technology? Answering the question involves understanding first the personal information implicated by a specific blockchain application, and then analyzing the relevant legal regimes that govern the personal information.

Personal Information

Data privacy does not implicate all information,… More

Privacy and Data Security Strategies for Start-Up Companies

Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio.  These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws.  Cybersecurity has become increasingly important for businesses of all sizes.  While identity thieves may focus on the target-rich environments of large-scale enterprises,… More

Basics for Sharing Direct Marketing Databases with Business Partners in the EU

Many companies share personal information they gather directly from individuals with “business partners” who use the information for their own direct marketing purposes. This is the case, for example, for companies that provide services on the internet free of charge but gather and sell the data related to their users to business partners. As the Washington Post recently learned, companies with this business model may find it challenging to comply with the European requirements,… More

Cybersecurity 2019 — The Year in Preview: COPPA, the GDPR, and Protecting Children’s Data

Editors’ Note:  This is the second in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming year.  Our previous entry was on energy and security.  Up next:  trends in state data privacy enforcement.

Since the General Data Protection Regulation (GDPR) came into effect in May 2018, one of the most common questions for practitioners is what the GDPR means for children. … More

GDPR Creates Rugby Scrum

In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict.   As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to create new data protection laws to address the interaction of anti-doping testing and the laws regarding transfer of data among and between different countries.  … More

Senator Warner’s White Paper Gives Congress Options for Regulating Social Media and Technology Companies

Senator Mark Warner of Virginia has released a white paper outlining policy proposals for regulating social media and technology companies. The paper has gained significance in recent weeks as pressure builds on Congress to pass federal data privacy legislation. In the wake of Europe’s GDPR and California’s Consumer Privacy Act, industry groups, tech companies, and privacy activists alike have urged Congress to act.… More

Three Things Not to be Forgotten about the GDPR’s “Right to be Forgotten”

Our experience in advising clients about GDPR and assisting them in the compliance process is that there are often misconceptions about the so-called “right to be forgotten”. The purpose of this post is to address some of these misconceptions.

  • The “right to be forgotten” was not created by the GDPR

The GDPR replaced the EU’s 1995 Directive which provided in Article 12(b) that “Member States must guarantee every data subject the right to obtain from the controller: (…),… More

Whither the Privacy Shield?

The EU-US Privacy Shield, a framework that allows companies to transfer personal data from the EU to the US in compliance with the GDPR, has been under fire for not providing adequate protection to EU citizens.  As Foley noted in 2017, the EU’s Article 29 Working Party (now the European Data Protection Board) identified “a number of significant concerns” with the Privacy Shield in the Working Party’s First Annual Joint Review,… More

June 14 – GDPR Panel at Foley Hoag’s Export Regulatory Compliance Update Conference

Foley Hoag, along with the Massachusetts Export Center, is hosting an Export Regulatory Compliance Update Conference on Thursday, June 14.  Among the panels will be one on “Navigating the GDPR & Cybersecurity Regulatory Environment.”  Here’s a description of the Panel:

On May 25, 2018, the General Data Protection Regulation (“the GDPR”) went into effect in all Member States of the European Union. However, the GDPR has a broad scope: it applies to organizations established outside the EU that offer goods or services to individuals in the EU and/or monitor the behavior of data subjects within the EU.… More