Tag Archives: EU

EU Commission Issues Communication about GDPR

The EU Commission issued today a “Communication to the European Parliament and the Council” which is entitled “Data protection rules as a trust enabler in the EU and beyond- taking stock”, which outlines the current state of EU data protection, with particular focus on the impact of GDPR.

  1. The implementation of GDPR in the EU

The Commission notes that all EU Member States have updated their national data protection laws except for three (Greece,… More

The Paris District Court Invalidates 38 Clauses of Google+ Terms of Use and Privacy Policy

It has been rough weather for Google in France. Three weeks after the French ‎Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande Instance”) invalidated 38 clauses of Google’s Privacy Policy and Terms of Use for Google+, the Internet-based social media network owned and operated by Google.  This decision was rendered on February 12,… More

GDPR Alert: Google Gets Biggest Fine Ever Issued by a European Data Protection Authority

On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR.

As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your Business), the non-profit privacy organization set up by Max Schrems, the Austrian lawyer who initiated the action against Facebook that led to the invalidation of the Safe Harbor,… More

Is the Right to be Forgotten National, European or Worldwide? The Advocate General Issues an Opinion in the Google Case

On January 10, 2019, Advocate General Szpunar issued his much awaited opinion in the Google case that was referred to the European Court of Justice by the French “Conseil d’Etat”, the highest administrative court of the country.  The Conseil d’Etat basically asked the European Court of Justice to follow-up on its Google Spain decision: is the right to be forgotten –… More

Basics for Sharing Direct Marketing Databases with Business Partners in the EU

Many companies share personal information they gather directly from individuals with “business partners” who use the information for their own direct marketing purposes. It is the case, for example, of companies that provide services on the internet free of charge but gather and sell the data related to their users to business partners. As the Washington Post recently learned, companies with this business model may find it challenging to comply with the European requirements,… More

GDPR Creates Rugby Scrum

In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict.   As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to create new data protection laws to address the interaction of anti-doping testing and the laws regarding transfer of data among and between different countries.  … More

Three Things Not to be Forgotten about the GDPR’s “Right to be Forgotten”

Our experience in advising clients about GDPR and assisting them in the compliance process is that there are often misconceptions about the so-called “right to be forgotten”. The purpose of this post is to address some of these misconceptions.

  • The “right to be forgotten” was not created by the GDPR

The GDPR replaced the EU’s 1995 Directive which provided in Article 12(b) that “Member States must guarantee every data subject the right to obtain from the controller: (…),… More

Blogging from BIO 2018: Does the Life Science Industry “Get” Cyber Security?

I am attending BIO 2018 in Boston, just steps from our Boston office. Naturally, I was drawn to yesterday’s session on “Life Sciences Cyber Exposures and Risk Mitigation Considerations.” But I came away disappointed. First of all, the session was held in a small room and even then, it was only one-third full (maybe 30 people of the 16,000 attending BIO 2018 chose to attend).… More

Schrems’ Privacy Organization Files First Complaints Based on GDPR

On Friday, May 25, the day when GDPR became effective, noyb.eu (None of Your Business), the non-profit privacy organization recently set up by Max Schrems, filed the first complaints based on GDPR.

Max Schrems is the Austrian privacy lawyer who had complained about the transfer of his data to the United States by Facebook:  he argued that, in light of the Snowden revelations,… More

Schrems v. Facebook: The Show Must Go On In Vienna, But Now As A One-Man Show

Recently, Austrian privacy activist Maximilian Schrems won a partial victory in his continuing battles with Facebook. We discuss that case below. But first, we review his prior tilts with Facebook.

Schrems in Ireland’s Courts

When Schrems was a college student, he heard a Facebook representative at a conference talk about European privacy rules with a lack of consideration that shocked him. Since then, Schrems has been fighting Facebook on many fronts.… More