After the official statements of the European Data Protection Board (EDPB) and several Supervisory Authorities (SAs), it is clear that at the moment there is no practical way for data to lawfully flow from the EU to the US. The reasoning in 5 steps: On 16 July 2020 the Court of Justice of the European Union (CJEU) invalidated the European ...
In the evolving COVID-19 scenario in which business continuity also depends on adequate data protection and cybersecurity practices on the part of organizations, knowledge mapping of privacy & data protection guidance and cybersecurity best practices has taken on an even more important role. It’s for that very reason that, without the presumption of completeness, I ...
Article 26 GDPR on Joint controllers determines that, "Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the ...
On 28 November 2019 the European Data Protection Supervisor announced that "it is carrying out an investigation into the European Parliament’s use of a US-based political campaigning company to process personal data as part of its activities relating to the 2019 EU parliamentary election." In its press release the EDPS stressed that "Election campaigns are ...
The EDPS Guidelines provide instructions to EU institutions and bodies for compliance with Regulation 2018/1725 with respect to the concepts of controller, processor and joint controllership and examines responsibilities and obligations concerning data subject rights, specific case studies for controller-processor, separate controllership and joint controllership situations and are intended to aid managment in "supporting ...
The new rules governing the protection of personal data in EU institutions and the formal duties of the EDPS are established in Regulation (EU) 2018/1725 which replaces Regulation (EC) No 45/2001. As the EDPS pointed out in it's recent press release, the adoption of this regulation represents a fundamental step in the completion of the EU data protection framework. What's ...
The EDPS has published a new Opinion on the “A New Deal for Consumers” legislative package. The package consists of two proposals: one for a Directive as regards better enforcement and modernisation of EU consumer protection rules and for a Directive on representative actions for the protection of the collective interests of consumers. You can access the ...
Just a few days ago the ICO published its "Investigation into the use of data analytics in political campaigns Investigation update" report that provides details with respect to the office of Information Commissioner Elizabeth Denham's investigation of the widespread use of data analytics in electoral campaigns. The report largely focuses on Facebook and Cambridge Analytica as ...
One month after the EU's General Data Protection Regulation has become directly applicable in all EU Member States, I would like to take the opportunity to consider the importance of what I deem to be a fundamental pillar of privacy and data protection: Data Protection by Design/Default (“DPbD”). What is data protection ‘by design’ and ‘by default’? ...
Earlier this week in his blog, Wojciech Wiewiórowski (Assistant Supervisor at the EDPS) discussed the importance of civil society organisations as strategic allies of European DPAs because they play an important role in the practical application of data protection principles by "empowering individuals to assert their rights and holding data controllers accountable for their actions." Wiewiórowski pointed out ...
Top-tier European ICT, Privacy & Cybersecurity lawyer. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. Founding Partner of ICT Legal Consulting. Lead Auditor BS ISO/IEC 27001:2013.
Read more
CONNECT