Global Privacy & Security Compliance Law Blog

Tag Archives: personal data

Practical Considerations for Assessing Data Transfers after Schrems II

Latham develops new resource to identify considerations for assessing SCC and BCR data transfers in Europe. By Gail E. Crawford, Fiona M. Maclean, Michael H. Rubin, Serrin Turner, Tim Wybitul, and Ulrich Wuermeling Following the Schrems II decision in July 2020, organisations relying on the standard contractual clauses (SCCs) or Binding Corporate Rules (BCRs) to … Continue Reading

French Data Protection Authority Hands Down First Sanction as Lead Authority

The CNIL has imposed a €250,000 fine on an online retailer for GDPR infringements in cooperation with other EU supervisory authorities. By Myria Saarinen and Charlotte Guerin Founded in 2006 and headquartered in France, Spartoo SAS (Spartoo) is one of the leaders of the European online shoe retail market. On 31 May 2018, a week … Continue Reading

CJEU Invalidates EU-US Privacy Shield

A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses. By Gail E. Crawford, Fiona M. Maclean, Michael H. Rubin, Ulrich Wuermeling, Calum Docherty, and Amy Smyth On 16 July 2020, the Court of … Continue Reading

Hong Kong Privacy Regulator Responds to Personal Data Privacy Issues Arising From COVID-19

Hong Kong regulator declares that the disclosure of personal data of potential COVID-19 carriers is permissible under law. By Kieran Donovan COVID-19 is having a profound impact not only on the way the world interacts socially, but also in the way it interacts in business. Businesses are choosing to protect the health and well-being of … Continue Reading

UK MRC Clarifies When Health Data Is Anonymised in Research Context

Research participants must identify which data sets constitute personal data to ensure compliance with the GDPR. By Frances Stocks Allen and Mihail Krepchev The UK Medical Research Council (MRC) has published a useful guidance note on the identifiability, anonymisation, and pseudonymisation of personal data in the context of research activities (the Guidance). The Guidance reminds … Continue Reading

Adtech and Real Time Bidding in the Regulatory Crosshairs

UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis. By Robert Blamires, Calum Docherty, Laura Holden, and Lucy Tucker The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real time bidding (RTB) (the ICO Report) provides a stark assessment of the adtech … Continue Reading

Clinical Trials Under the GDPR: What Should Sponsors Consider?

Sponsors outside the European Union conducting clinical trials in the EU should consider current guidelines and the Breyer case to understand whether GDPR requirements will apply to them. By Gail Crawford and Frances Stocks Allen Many sponsors of clinical trials believe that companies based outside the EU who sponsor clinical trials conducted in the EU … Continue Reading
LexBlog