Archives: European Union

Subscribe to European Union RSS Feed

German Courts Decide Whether an Infringement of the GDPR also Qualifies as Unfair-Competitive Behavior

Under the Data Protection Directive (now superseded by the General Data Protection Regulation, “GDPR”), it was disputed whether a violation of the German Data Protection Law transposing the Directive could serve as a basis for anti-competition claims under the German Act Against Unfair Competition (“Gesetz gegen den unlauteren Wettbewerb”, “UWG”).  Since the entry into force … Continue Reading

European Data Protection Board Issues Draft Guidelines on Extra-Territorial Application of the GDPR

On November 23, 2018, the European Data Protection Board (“EDPB”) issued draft Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (“Guidelines”). As per standard procedure, the EDPB has published this first version of the Guidelines to allow for public consultation about its contents over the next several months. At the conclusion of … Continue Reading

Dutch Supervisory Authority Imposes GDPR Security Standard for Processing Broadly Defined Health Data

In early November, the Dutch Supervisory Authority released an injunction imposed against the public insurance body Uitvoeringsinstituut Werkgeversverzekering (“UWV”) last July. The UWV allows employers to submit data about their employees for social security purposes.  The data includes dates of employee absences due to general illness (and when an employee is pregnant or gave birth, … Continue Reading

European Regulators Are Intensifying GDPR Enforcement

Earlier this year, in the run-up to the General Data Protection Regulation’s (“GDPR”) May 25, 2018 date of application, a major question for stakeholders was how zealously the GDPR would be enforced.  Now, as the GDPR approaches its six-month birthday, an answer to that question is rapidly emerging.  Enforcement appears to be ramping up significantly.  … Continue Reading

The CNIL Publishes Report On Blockchain and the GDPR

On November 6, 2018, the French data protection authority (the “CNIL”) published a report that discusses some of the questions raised by the use of blockchain technology and perceived tensions between it and foundational principles found in the General Data Protection Regulation (the “GDPR”).  As we noted in an earlier blog post on this topic, … Continue Reading

Portuguese hospital receives and contests 400,000 € fine for GDPR infringement

On July 17, 2018, the Portuguese Supervisory Authority (“CNPD”) imposed a fine of 400.000 € on a hospital for infringement of the European Union General Data Protection Regulation (“GDPR”).  The decision has not been made public.  Earlier this week, the hospital publicly announced that it will contest the fine. According to press reports, the CNPD … Continue Reading

Dutch Supervisory Authority releases guidance on the interaction between the GDPR and PSD2

On October 18, 2018, the Dutch Supervisory Authority for data protection adopted guidance on the second Payment Service Directive (“PSD2”).  The PSD2 intends to open the financial services market to a larger scale of innovative online services.  To that effect, the PSD2 sets out rules for obtaining access to the financial information of bank customers.  … Continue Reading

Italian court decides that a data protection officer does not have to be a certified ISO 27001 Auditor

On September 5, 2018, a first instance Administrative Court in Italy decided that a public company cannot reject an application for the position of data protection officer (“DPO”) on the basis that the applicant is not a certified ISO 27001 Auditor / Lead Auditor (decision available here). ISO 27001 is an international information security standard. … Continue Reading

The Implications of the GDPR on Clinical Trials in Europe

On October 23, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership will organize a workshop entitled, “Can GDPR Work for Health Research.”  In the first session, the workshop will discuss the implications of the General Data Protection Regulation (“GDPR”) on clinical … Continue Reading

IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security

By Grace Kim and Siobhan Kahmann Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on October 14, 2018. This was developed by … Continue Reading

UK “No-Deal Brexit” Technical Notice Sets Out Plans on EU – UK Data Flows

By Grace Kim and Ezra Steinhardt On September 13, 2018, the UK government published a series of technical notices on how to prepare for a scenario in which the UK leaves the EU without agreement on March 29, 2019 (“no-deal Brexit”).  The government stressed that a no-deal Brexit “remains unlikely given the mutual interests of … Continue Reading

EU and Japan conclude talks on reciprocal adequacy finding

On July 17, 2018, the European Commission successfully concluded negotiations with Japan on a reciprocal adequacy finding which will allow personal data to flow freely from the EU to Japan (and vice versa). The adequacy decision has not yet been formally adopted, as it must still undergo the respective EU and Japanese approval procedures, which … Continue Reading

French Supervisory Authority Issues 2 GDPR Warnings

By Kristof Van Quathem and Anna Sophia Oberschelp de Meneses  Exactly one month after the GDPR started applying, the French Supervisory Authority (“CNIL”) issued a formal warning to two companies in relation to their processing of localization data for targeted advertising (see here).  The CNIL found that the consent on which both companies relied did … Continue Reading

The GDPR and Blockchain

Blockchain technology has the potential to revolutionise many industries; it has been said that “blockchain will do to the financial system what the internet did to media”.  Its most famous use is its role as the architecture of the cryptocurrency Bitcoin, however it has many other potential uses in the financial sector, for instance in … Continue Reading

Dutch Supervisory Authority Announces GDPR Investigation

On July 17, 2018, the Dutch Supervisory Authority announced that it will start a preliminary investigation to assess whether certain large corporations comply with the EU’s General Data Protection Regulation (“GDPR”) – see the official press release here (in Dutch).  To that end, the authority will review the “records of processing activities” from thirty randomly … Continue Reading

Post GDPR: ECHR Ruling Confirms the Prevalence of Freedom of Expression and Information Over the Right of Erasure

By Kristof Van Quathem and Anna Sophia Oberschelp de Meneses The European Court of Human Rights (“ECHR”) decided on 28 June 2018 that the right to request the erasure of personal data on prior convictions, may be trumped by the right to freedom of expression and information.  The court confirmed prior case law deciding that the … Continue Reading

UK Regulators Publish Joint Discussion Paper on Operational Resilience in the UK Financial Sector

By Mark Young and Gemma Nash The UK Financial Conduct Authority (“FCA”) published on July 5 a joint Discussion Paper with the Prudential Regulation Authority (“PRA”) and the Bank of England (“BoE”) on “Building the UK financial sector’s operational resilience.” The Discussion Paper focuses on the ability of regulated firms and financial market infrastructures (“FMIs”) … Continue Reading

GDPR Applies From Today

The much discussed and long-awaited General Data Protection Regulation (“GDPR”) applies from today, May 25, 2018.  It will update and harmonize data protection laws across the EU, and sets out comprehensive rules in relation to personal data handling, as well as the rights of individuals over their personal data. It is unclear how aggressively the … Continue Reading

Interactive Advertising Bureau Europe Opens Registration for Transparency and Consent Framework

IAB Europe opened the registration process for vendors and consent management providers (“CMPs”) to apply for approved status under IAB Europe’s Transparency and Consent Framework (“Framework”). The Framework intends to provide publishers that have decided that the interest-based advertising products available on their platforms require user consent to deploy a standardized framework to (1) disclose … Continue Reading

Covington’s Jetty Tielemans Receives IAPP’s Highest Honor

Henriette Tielemans, co-chair of Covington’s global Data Privacy and Cybersecurity practice, has today received the IAPP Privacy Vanguard Award, the industry’s top honor, for her lifelong services to the data privacy community. The International Association of Privacy Professionals (IAPP) is the world’s largest and most comprehensive global information privacy community. Each year, the IAPP names … Continue Reading

Overlap Between the GDPR and PSD2

By Bruce Bennett, Carlo Kostka, Charlotte Hill, Craig Pollack, Dan Cooper, Gemma Nash, Kristof Van Quathem, Mark Young, and Sophie Bertin The EU Payment Services Directive (PSD2), which took effect on January 13, 2018, puts an obligation on banks to give Third Party Providers (TPPs) access to a customer’s payment account data, provided the customer expressly … Continue Reading

CJEU Rejects Consumer Privacy Class Action

By Dan Cooper, Joseph Jones, and Ruth Scoles Mitchell On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment — … Continue Reading

Voice Technologies, Meet the EU E-Privacy Regulation

On January 12, the International Consumer Electronics Show (CES) in Las Vegas closed its doors for another year.  Each CES raises a new set of technology themes, ranging from robots to smart fridges — and this year, the winner was voice technologies.  Such technologies, while not entirely new, are now becoming mainstream:  sales of smart … Continue Reading
LexBlog