Global Privacy & Security Compliance Law Blog

Tag Archives: EDPB

European Data Protection Board Focuses Coordinated Enforcement on Data Protection Officers

Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. By Gail E. Crawford, Fiona M. Maclean, Ben Leigh, and Amy Smyth The European Data Protection Board (EDPB) has announced that its coordinated enforcement action for 2023 will focus on the designation and position of data … Continue Reading

EDPB Emphasizes “Dissuasive” Fines in New Draft Guidelines on GDPR Fine Calculation

The EDPB sets out relevant steps and factors that EU supervisory authorities should consider when calculating administrative fines under the GDPR. By Gail Crawford, Ian Felstead, James Lloyd, Tim Wybitul, Irina Vasile, Sami Qureshi, and Amy Smyth On 16 May 2022, the European Data Protection Board (EDPB) adopted draft Guidelines 04/2022 on the calculation of … Continue Reading

CNIL Publishes White Paper on Digital Payments and Data Privacy

The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. By Christian F. McDermott, Myria Saarinen, Calum Docherty, Charlotte Guerin, Jiou (Alex) Park, and Amy Smyth The use of card, contactless, and innovative digital payment solutions has significantly increased in recent years, fueled by the immediate impacts … Continue Reading

EDPB Issues New Guidance on Storing Credit Card Data for Future Purchases

Online retailers storing credit card data for the sole purpose of facilitating further purchases will likely need to obtain consumer consent. By Christian F. McDermott, Calum Docherty, and Victoria Wan Online shopping has boomed in recent years. In 2020, the European statistics agency Eurostat estimated that 7 out of 10 internet users made online purchases … Continue Reading

The Commission’s Draft Updated Standard Contractual Clauses — A Close Look

The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan, and Amy Smyth On 12 November 2020, the European Commission (the Commission) published a draft implementing decision, annexing a draft set of updated standard contractual … Continue Reading

France’s Highest Administrative Court Provides Insights on Lawful Cookie Practices

Court’s decision struck down blanket prohibition on so-called “cookie walls” that prevent users from accessing a website or an application. By Myria Saarinen and Charlotte Guérin France’s Highest Administrative Court (the Conseil d’Etat) issued a decision on 19 June 2020 upholding most of the guidance on cookies and other tracking devices that the French Data … Continue Reading

EDPB Guidelines – What is the Territorial Reach of the GDPR?

After the recent two-year anniversary of the GDPR, one fundamental question remains — who does the GDPR apply to? By Gail Crawford, Ulrich Wuermeling, and Calum Docherty Last month marked the two-year anniversary of the General Data Protection Regulation (GDPR), but its territorial reach is still hotly debated. This blog post takes a detailed look … Continue Reading

Data Protection Impacts for UK Businesses Under the UK Withdrawal Agreement

“Business as usual” for UK-EU data protection transition in 2020.   By Gail E. Crawford and Susan Mann On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January 2020 (Withdrawal Agreement). The Withdrawal Agreement maintains the UK pre-Brexit position … Continue Reading
LexBlog