Global Privacy & Security Compliance Law Blog

Tag Archives: CJEU

CJEU Sets High Bar for Responses to Data Subject Access Requests

Organisations must provide individuals with information on the specific recipients of their data upon request. By Tim Wybitul, Isabelle Brams, Calum Docherty, and Amy Smyth The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the specific identity of data recipients on request from an individual in order to … Continue Reading

CJEU Advocate General Rejects Strict Liability for GDPR Fines

The CJEU’s final ruling could subject companies to direct GDPR enforcement by DPAs notwithstanding national procedural rules, but may rule against strict liability under the GDPR. By Tim Wybitul, Myria Saarinen, Isabelle Brams, Irina Vasile, and Amy Smyth On 27 April 2023 Advocate General of the Court of Justice of the European Union (CJEU) Campos … Continue Reading

Advocate General: No Compensation for Mere Upset Caused by GDPR Infringement

The Advocate General opined that data subjects must prove that they suffered damage from a GDPR breach in order to claim compensation. By Tim Wybitul, Isabelle Brams, Lara Nonninger, and Hayley Pizzey Article 82 of the General Data Protection Regulation (GDPR) states that any person who has suffered material or non-material damage as a result … Continue Reading

CJEU AG Sets High Bar for Responses to Data Subject Access Requests

The Advocate General argues that organisations should provide individuals with information on the specific recipients of their personal data. By Tim Wybitul, James Lloyd, Isabelle Brams, Irina Vasile, and Amy Smyth Advocate General Giovanni Pitruzzella (AG) of the Court of Justice of the European Union (CJEU) recently delivered an opinion (the Opinion) regarding the interpretation … Continue Reading

CNIL Publishes White Paper on Digital Payments and Data Privacy

The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. By Christian F. McDermott, Myria Saarinen, Calum Docherty, Charlotte Guerin, Jiou (Alex) Park, and Amy Smyth The use of card, contactless, and innovative digital payment solutions has significantly increased in recent years, fueled by the immediate impacts … Continue Reading

German Court: CJEU Must Clarify Whether GDPR Provides Materiality Threshold

The decision means the CJEU will need to clarify the framework for GDPR damages claims. By Tim Wybitul, Dr. Christoph Baus, and Dr. Isabelle Brams The German Federal Constitutional Court has ruled that the Court of Justice of the European Union (CJEU) needs to clarify if the General Data Protection Regulation (GDPR) provides for a … Continue Reading

Swiss Regulator Determines Swiss-US Privacy Shield Is Inadequate

Swiss companies are advised to take additional measures when transferring personal data from Switzerland to the US. By Gail E. Crawford, Fiona M. Maclean, and Amy Smyth On 8 September 2020, the Swiss data protection authority, Adrian Lobsiger (the Federal Data Protection and Information Commissioner, FDPIC), concluded in his annual review that the Swiss-US Privacy … Continue Reading
LexBlog