guidelines

New German Guidelines on GDPR Requirements for International Transfers of Health Data in Medical Research

By Kristof Van Quathem, Dr. Dr. Adem Koyuncu, Lars Lensdorf & Anna Sophia Oberschelp de Meneses on October 21, 2025

Posted in Digital Health, European Union, Health Privacy, Life Sciences & Digital Health

On September 17, 2025, the German Supervisory Authorities (Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder, DSK) published new guidelines and recommendations addressing the complex requirements for transferring personal data, particularly health data (including health data contained in biomaterials), to countries outside of the European Economic…

European Data Protection Board Publishes Guidelines on Certification as a Tool for International Personal Data Transfers

By Kristof Van Quathem, Dan Cooper & Anna Sophia Oberschelp de Meneses on July 4, 2022

Posted in Cross-Border Transfers, EU Data Protection, European Union

On June 30, 2022, the European Data Protection Board published draft guidelines on certification as a tool for transfers. These guidelines complement the EDPB’s earlier guidelines on certification and identifying certification criteria.

These guidelines and the guidelines on codes of conduct as tools for transfers appear to be part of the EDPB’s broader response to the Schrems II decision issued by the Court of Justice of the European Union (“CJEU”), which invalidated the EU-US Privacy Shield framework. The approval of certification schemes expands the toolbox available under Art. 46 GDPR for lawfully transferring personal data outside the EEA.Continue Reading European Data Protection Board Publishes Guidelines on Certification as a Tool for International Personal Data Transfers

French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021

By Kristof Van Quathem, Anna Sophia Oberschelp de Meneses & Nicholas Shepherd on October 5, 2020

Posted in Data Privacy, European Union

On October 1, 2020, the French Supervisory Authority (“CNIL”) published the final version of its Guidelines on cookies and other tracking technologies (hereafter, “guidelines” – see announcement here, and guidelines here, in French), as well as an adjoining set of best practice recommendations (in French) with examples on how to implement the guidelines. In this blog post, we summarize the key points mentioned in the CNIL’s guidelines.
Continue Reading French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021

CEA Releases Guidelines on Privacy and Security of Personal Wellness Data

By Inside Privacy on November 2, 2015

Posted in Health Privacy

Last week, the Consumer Electronics Association (“CEA”) announced its Guiding Principles on the Privacy and Security of Personal Wellness Data, a set of baseline, voluntary guidelines for private-sector organizations that handle the type of data often produced by wearable technologies. The Guiding Principles are categorized into eight areas and…
Continue Reading CEA Releases Guidelines on Privacy and Security of Personal Wellness Data