Tag Archives: GDPR

Chinese Regulation of Children’s Personal Data Goes into Effect

On October 1, 2019, China’s new regulation to protect personal data related to children – called the “Measures on Online Protection of Children’s Personal Data” – went into effect.

As we wrote in June, when a draft of the regulation was released by the Cyberspace Administration of China, the regulation contains elements similar to those found in both the United States’ Children’s Online Privacy Protection Act (“COPPA”) and the European Union’s General Data Protection Regulation (“GDPR”).… More

EU Commission Issues Communication about GDPR

The EU Commission issued today a “Communication to the European Parliament and the Council” which is entitled “Data protection rules as a trust enabler in the EU and beyond- taking stock”, which outlines the current state of EU data protection, with particular focus on the impact of GDPR.

  1. The implementation of GDPR in the EU

The Commission notes that all EU Member States have updated their national data protection laws except for three (Greece,… More

Presentation: The New Massachusetts Data Breach Law – An Update

A new Massachusetts law toughens reporting requirements for companies and organizations hit by data security breaches and mandates requires free credit monitoring to affected consumers. Partner Colin Zick and counsel Chris Hart recently presented a webinar for Associated Industries of Massachusetts (AIM) that provides a big picture of the data privacy legal landscape, discusses real-world impacts of the new provisions and offers guidance on other upcoming changes such as the GDPR and the California Consumer Privacy Act (CCPA).… More

The Paris District Court Invalidates 38 Clauses of Google+ Terms of Use and Privacy Policy

It has been rough weather for Google in France. Three weeks after the French ‎Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande Instance”) invalidated 38 clauses of Google’s Privacy Policy and Terms of Use for Google+, the Internet-based social media network owned and operated by Google.  This decision was rendered on February 12,… More

EDPB Issues Opinion on the Interplay between the Clinical Trials Regulation and the GDPR

‎On January 23, 2019, the European Data Protection Board (“EDPB”) issued an interesting opinion about personal data processed in relation to clinical trials.

The main role of the EDPB – which succeeded the Article 29 Working Party – is to contribute to the consistent application of the GDPR throughout the European Union. Its tasks include providing general guidance to clarify the law and advising the European Commission on data protection issues and new legislations.… More

GDPR Alert: Google Gets Biggest Fine Ever Issued by a European Data Protection Authority

On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR.

As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your Business), the non-profit privacy organization set up by Max Schrems, the Austrian lawyer who initiated the action against Facebook that led to the invalidation of the Safe Harbor,… More

Basics for Sharing Direct Marketing Databases with Business Partners in the EU

Many companies share personal information they gather directly from individuals with “business partners” who use the information for their own direct marketing purposes. It is the case, for example, of companies that provide services on the internet free of charge but gather and sell the data related to their users to business partners. As the Washington Post recently learned, companies with this business model may find it challenging to comply with the European requirements,… More

Tech Industry & Consumer Advocates Share Support for Federal Data-Privacy Legislation, Differ on the Details

In late September and early October, the Senate Commerce Committee held a pair of hearings with tech companies and consumer advocates to explore the possibility of federal data-privacy legislation.  The Committee invited representatives from tech giants such as Google, Amazon, and Twitter to testify in September, then in October invited Dr. Andrea Jelinek, Chair of the European Data Protection Board;… More

GDPR Creates Rugby Scrum

In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict.   As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to create new data protection laws to address the interaction of anti-doping testing and the laws regarding transfer of data among and between different countries.  … More