Tag: GDPR
Fashion ID Case: CJEU Rules on Plug-ins and Joint Controllership
On 29 July 2019, the Court of Justice of the European Union handed down its decision in the Fashion ID case, dealing with alleged unlawful data collection through the Facebook Like button and the controllership of said data. In short, the CJEU held that websites containing embedded third-party content can […]
UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]
Will BA, Marriott Have to Pay UK ICO’s Huge Breach Fines? We Look at What’s Next.
The UK Information Commissioner’s Office (ICO) has issued Notices of Intent (NOI) to fine British Airways (for £183m) and US hotel group Marriott (for £99m) for breaches of the EU General Data Protection Regulation (GDPR). Assuming that fines are ultimately issued, these will be the first fines to be issued […]
At GDPR’s One Year Mark, Continued Compliance Efforts are Key and Can Help with CCPA Compliance
With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete. While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]
GDPR: Looking to the Year Ahead
On 30 May 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) published a report, reflecting on its experiences over the year since the introduction of the General Data Protection Regulation (2016/679) (GDPR) and sharing its learnings.
UK regulator focuses on GDPR challenges faced by the adtech industry
On 6 March 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) convened an adtech fact-finding forum of industry stakeholders, aimed at developing its understanding of the adtech ecosystem (with a particular focus on programmatic advertising and real-time bidding) and exploring key themes raised by adtech from a […]
GDPR DPO University – October 18
On Thursday, October 18, Cooley’s cyber/data/ privacy practice will be holding GDPR DPO University in our New York office. The EU General Data Protection Regulation has required many organizations to appoint Data Protection Officers. With demand for DPOs far outstripping the supply, many newly-minted DPOs need to quickly develop data […]
Brazil’s New Data Protection Law: The LGPD
Updated September 3, 2019 Our post on key updates to the LGPD can be found here The global data protection landscape continues to evolve, and Brazil is the latest country to enact an omnibus law governing how organizations collect, use, disclose and otherwise process personal data. Beginning on August 16, […]
GDPR and AML – a perfect pair?
The General Data Protection Regulation (GDPR) has been one of the most highly anticipated and talked about changes to the legal sphere in years, affecting the vast majority of businesses and individuals alike. The primary focus to date has been on the implementation deadline of 25 May 2018 and the […]
GDPR – Do I Need Consent to Process Personal Data?
If you are handling personal data of EU citizens, you will need some justification in order to do so. Under the new rules, the basic concept of consent has not changed, nor has its role as a lawful basis for processing personal data: consent remains a possible option. However, the […]