On June 24, 2020, the European Commission (“Commission”) published its much-anticipated assessment of the EU’s General Data Protection Regulation (“GDPR”) two years after it went into effect. The assessment takes into account contributions from the European Council, the European Parliament, the European Data Protection Board (“EDPB”), individual supervisory authorities, the Multi-Stakeholder Expert Group and other … Continue Reading
On 8 April 2020, the European Commission adopted a recommendation on a common European Union toolbox for the use of technology and data to address the COVID-19 crisis (“Recommendation”). The Recommendation responds to calls for a common EU approach to the use of mobile apps in combatting COVID-19—one that improves the efficacy of the technology … Continue Reading
In this final instalment of our series of blogs on the European Commission’s plans for AI and data, announced on 19 February 2020, we discuss some potential effects on companies in the digital health sector. As discussed in our previous blog posts (here, here and here), the papers published by the European Commission cover broad … Continue Reading
On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI. These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days. Although the papers … Continue Reading
On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary. At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November … Continue Reading
On October 23, 2019, the European Commission (“Commission”) published its Report on the third annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) (the Report is accompanied by a Staff Working Document). The Report “confirms that the U.S. continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield” (see … Continue Reading
On July 24, 2019, the European Commission (“the Commission”) published a report appraising Europe’s progress in implementing the General Data Protection Regulation (“GDPR”) as a central component of its revamped data protection framework. In its report, the Commission highlights certain achievements resulting from implementation efforts, calls attention to issues that require further action, and describes … Continue Reading
On July 12, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (“eHDSI”). Background The eHDSI system was established in the context of the eHealth Network. The … Continue Reading
On June 20, 2019, Keith Krach was confirmed by the U.S. Senate to become the Trump administration’s first permanent Privacy Shield Ombudsperson at the State Department. The role of the Privacy Shield Ombudsperson is to act as an additional redress avenue for all EU data subjects whose data is transferred from the EU or Switzerland … Continue Reading
On April 10, 2019, European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”). The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, on … Continue Reading
On April 8, 2019, the EU High-Level Expert Group on Artificial Intelligence (the “AI HLEG”) published its “Ethics Guidelines for Trustworthy AI” (the “guidance”). This follows a stakeholder consultation on its draft guidelines published in December 2018 (the “draft guidance”) (see our previous blog post for more information on the draft guidance). The guidance retains … Continue Reading
The European Commission (“Commission”) has published a Recommendation on cybersecurity in the energy sector (“Recommendation”). The Recommendation builds on recent EU legislation in this area, including the NIS Directive and EU Cybersecurity Act (see our posts here and here). It sets out guidance to achieve a higher level of cybersecurity taking into account specific characteristics … Continue Reading
On January 24, the European Data Protection Board (“EDPB”) adopted a report (“Report”) regarding the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). In a press release accompanying the Report, the EDPB welcomed efforts by EU and U.S. authorities to implement the Privacy Shield, including in particular the recent appointment of a permanent … Continue Reading
[Update to previous post from August 17, 2018] On January 23, 2019, the European Commission and Japan mutually recognized each other’s data protection laws as providing an adequate level of protection of personal data (see European Commission press release here). As a result, nearly all personal data can now flow freely between the EU and … Continue Reading
Earlier this week, the European Commission (“Commission”) published its Report on the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) (the Report is accompanied by a Staff Working Document). The Report concludes that the Privacy Shield “continues to ensure an adequate level of protection” for personal data transferred from the EU to the … Continue Reading
Last week, the National Telecommunications and Information Administration (“NTIA”) released submissions it had received from the Federal Trade Commission (“FTC”) staff and many other parties on NTIA’s proposed framework for advancing consumer privacy while protecting innovation. Although NTIA did not request comments on a possible federal privacy bill, most submissions took the opportunity to inform … Continue Reading
The European Commission has today published its Report on the first annual review of the EU-U.S. Privacy Shield (the Report is accompanied with a Staff Working Document, Infographic, and Q&A). The Commission concludes that Privacy Shield continues to ensure an adequate level of protection for personal data transferred from the EU to Privacy Shield-certified companies … Continue Reading
On October 3, 2017, the Irish High Court referred Data Protection Commissioner v Facebook Ireland Limited [2016 No. 4809 P.] to the Court of Justice of the European Union (“CJEU”). The case, commonly referred to as Schrems II, is based on a complaint by Max Schrems concerning the transfer of personal data by Facebook, from … Continue Reading
Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against … Continue Reading
Earlier this month, the UK Government published a consultation on plans to implement the EU Directive on security of network and information systems (the “NIS Directive”, otherwise known as the Cybersecurity Directive). The consultation includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or … Continue Reading
By Dan Cooper and Rosie Klement On July 26, 2017, the Court of Justice of the EU (CJEU) published Opinion 1-15 (the “Opinion”) on the proposed agreement between the European Union and Canada on the transfer and processing of passenger name record (“PNR”) data (the “Agreement”). The Agreement was signed in 2014, but the CJEU … Continue Reading
By Lisa Peets and Rosie Klement On July 14, 2017, the Impact Assessment Institute (“IAI”) (an independent institute committed to impartial impact assessment and scientific evaluation of policy and legislation in the EU) published a study assessing the impact assessment carried out by the European Commission in connection with the Commission’s proposal for a new … Continue Reading
The first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) is scheduled to occur in September 2017 in Washington, D.C. The first review is particularly important for the nascent framework, as regulators in both the U.S. and the EU are expected to closely scrutinize the operation of the first year of the Privacy Shield, … Continue Reading
Nearly 2,000 organizations are now listed as self-certified to the EU-U.S. Privacy Shield on the Department of Commerce’s (“Commerce”) Privacy Shield website. Given current developments on both sides of the Atlantic, there are likely to be significant Privacy Shield developments in the coming months. EU Justice Commissioner Věra Jourová recently concluded her visit to the … Continue Reading
