David and Goliath: the GDPR and regulating the data-centric society

One year from the direct applicability of the new European Privacy Regulation... “Regulating the internet giants: The world’s most valuable resource is no longer oil, but data” published in the May 6th 2017 edition of The Economist explains the enormous power that Internet companies have due to their control over data.  It rightly describes that “uantity ...

Committee on Industry, Research and Energy Draft Opinion on ePrivacy

The Draft Opinion from Rapporteur MEP Kaja Kallas (ITRE) welcomes the change of legal instrument from a Directive to a Regulation, the extension of its scope, and the Commission's attempt to be technologically neutral, but proposes several amendments to the Draft ePrivacy Regulation. Specific qualms from the Committee on Industry, Research and Energy include provisions on tracking and ...

The Italian DPA issued its first guidelines on the GDPR

My article published on Lexology. Scenario On 28 April the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The Garante focused on six specific aspects: Lawfulness ...

DIGITAL OUT-OF-HOME (DOOH) ADVERTISING AND THE FUTURE OF CORPORATE SOCIAL RESPONSIBILITY

Have you ever heard of Digital Out-of-Home (DOOH) advertising? Probably not, but it has most likely seen you, without your consent and without you even realizing it. The world of advertising has made incredible progress thanks to the digitalization of something as simple as the billboard. Shopping malls, airports and train stations are full of strategically ...

Complementing the GDPR: The ePrivacy Regulation Part I

This is the first blog of a series of posts which will explore aspects of the ePrivacy Regulation adopted on 10 January 2017 which aims to provide stronger privacy protections in electronic communications. On 10 January 2017 the European Commission adopted the Proposal for a Regulation on Privacy and Electronic Communications (the Draft ePrivacy Regulation) concerning ...

University of Maastricht’s European Centre on Privacy and Cybersecurity

In January of this year I became a Visiting Fellow at the University of Maastricht's European Centre on Privacy and Cybersecurity, a platform for research focused on legal issues related to personal data protection and cybersecurity. ECPC has a strong European and international outlook and brings together an interdisciplinary group of researchers active in areas of ...

Brexit and the future of data transfers to the UK

On 29 March 2017 Theresa May, the Prime Minister of the United Kingdom, officially invoked Article 50 of the Treaty on European Union, effectively triggering Brexit.  But what does that mean for us as data protection and privacy experts and how will companies be affected by Brexit? The Lisbon Treaty establishes that countries exiting the EU ...

The Case of Standard Contractual Clauses: The Irish Data Protection Commissioner & Max Schrems

“The supervisory authorities should have the power to prohibit or suspend a data transfer or a set of transfers based on the standard contractual clauses in those exceptional cases where it is established that a transfer on contractual basis is likely to have a substantial adverse effect on the warranties and obligations providing adequate protection ...

Article 29 Working Party publishes Privacy Shield enforcement documents

The Article 29 Working Party is preparing for enforcement as the nine-month grace period for US Companies that self-certified before 30 September 2016 comes to an end on 30 June 2017. As of today there are a total of 1,750 organizations signed up to the EU-US Privacy Shield List, which applies to the transfer of all ...