“The supervisory authorities should have the power to prohibit or suspend a data transfer or a set of transfers based on the standard contractual clauses in those exceptional cases where it is established that a transfer on contractual basis is likely to have a substantial adverse effect on the warranties and obligations providing adequate protection ...
The Article 29 Working Party is preparing for enforcement as the nine-month grace period for US Companies that self-certified before 30 September 2016 comes to an end on 30 June 2017. As of today there are a total of 1,750 organizations signed up to the EU-US Privacy Shield List, which applies to the transfer of all ...
Background information/scenario Since the publication of the Guidelines Applying to the Use of E-Mails and the Internet in the Employment Context, the Italian Data Protection Authority (“Garante”) has had more than one opportunity to state its view on the controls of IT devices provided to employees to perform their job. In the case at stake, a ...
Background information/scenario Do marketing purposes need specific consent and does such consent apply even when targeting professionals and companies whose contacts are publicly available on Internet? In one of its first decisions dated 2017, the Italian Data Protection Authority (“Garante”) restated that all data controllers must collect a freely given and specific consent in order to ...
The Article 29 Working Party adopted three sets of guidelines in its December 2016 Plenary Meeting including Guidelines and FAQs on the right to Data Portability, Guidelines and FAQs on the Lead Supervisory Authority, Guidelines and FAQs on Data Protection Officers (DPO). These Guidelines are particularly useful in light of the GDPR, which makes it mandatory for ...
Today the EU-US "Umbrella Agreement", the data protection framework for EU-US law enforcement cooperation, received a green light from the European Parliament without referral to the CJEU. Importantly, the Agreement will provide EU citizens with judicial redress rights in US courts in case of breaches, a key point for the EU during the long negotiation ...
Today the European Data Protection Supervisor published two very welcomed guidelines on personal data protection. The first deals with the protection of personal data processed through web services and the second personal data processed by mobile applications provided by European Union institutions. You can find the complete guidelines below. Guidelines on the protection of personal data processed through ...
Top-tier European ICT, Privacy & Cybersecurity lawyer. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. Founding Partner of ICT Legal Consulting. Lead Auditor BS ISO/IEC 27001:2013.
Read more
CONNECT