On 15 December 2020, the EU data protection regulator – the European Data Protection Board – adopted its Strategy for 2021-2023, which outlines its objectives and key actions for the upcoming years. At the outset, the EDPB recalls that its strategy, as well as its work in general, are guided […]
Since Europe’s General Data Protection Regulation took effect in May 2018, a growing number of legislatures around the world have introduced comprehensive data protection laws that emulate the GDPR or have updated existing laws to align with it. California became the first major non-European economy to catch the GDPR wave […]
For better or for worse: 2020 is shortly coming to an end. This means that the end of the Brexit transition period is also just around the corner. Background On December 31, 2020, the post-Brexit transitional arrangements between the EU and the UK will expire. However, the EU GDPR will […]
The UK’s Information Commissioner’s Office has, over the course of this week, published various notes of advice and blog posts to organisations and data subjects in respect of the coronavirus (COVID-19) pandemic.
The United Kingdom left the European Union at 11:00 pm on January 31, 2020. However, the UK has entered into transitional arrangements with the EU under which the existing data protection frameworks established by the GDPR, including the EU-US Privacy Shield, will continue to apply until December 31, 2020 (the period until […]
On 29 July 2019, the Court of Justice of the European Union handed down its decision in the Fashion ID case, dealing with alleged unlawful data collection through the Facebook Like button and the controllership of said data. In short, the CJEU held that websites containing embedded third-party content can […]
UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]
The UK Information Commissioner’s Office (ICO) has issued Notices of Intent (NOI) to fine British Airways (for £183m) and US hotel group Marriott (for £99m) for breaches of the EU General Data Protection Regulation (GDPR). Assuming that fines are ultimately issued, these will be the first fines to be issued […]
With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete. While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]
On 30 May 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) published a report, reflecting on its experiences over the year since the introduction of the General Data Protection Regulation (2016/679) (GDPR) and sharing its learnings.