The EDPB 101 Task Force published a report summarizing its assessment on international data transfers in connection with the use of tracking and analytics cookies (Tracking Cookie). The report is available here. The 101 Task Force comprises of representatives of the supervisory authorities in the EU (SA) and was created back in 2020, in response to the 101 complaints filed by NYOB, a data privacy activism group, regarding data transfers in connection with the use of Tracking Cookies.
EU-US data transfers: LIBE Committee to stop debate over adequacy decision due to concerns over insufficient privacy safeguards
On 13 April 2023, the EU’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) passed a resolution to stop the debate over the draft adequacy decision stating that the new EU-US Data Privacy Framework (DPF) and the Executive Order on Enhancing Safeguards for US Signals Intelligence Activities issued by the US President do not provide sufficient privacy safeguards. The DPF was originally predicted to pass in early 2023 but putting a resolution to Parliament’s vote suggests looming delays.
CJEU rules on DPO conflicts of interest under the GDPR
The Court of Justice of the European Union (“CJEU”) issued a judgment on the 9th of February 2023 (docket no. C-453/21), which addresses the question of the dismissal of a Data Protection Officer (“DPO”) and the interpretation of Article 38 of the EU GDPR.
Continue Reading CJEU rules on DPO conflicts of interest under the GDPR
Get your update on IT & data protection law in our newsletter (Winter 2023 edition)
The winter 2023 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
Continue Reading Get your update on IT & data protection law in our newsletter (Winter 2023 edition)
EU-Cookie banner taskforce report: what you need to know
On the 18th of January, the EDPB published the adopted report of the work undertaken by the Cookie Banner Taskforce. The Cookie Banner Taskforce was established in September 2021 in accordance with article 70(1) (u) GDPR to coordinate the response to complaints concerning cookie banners filed with several supervisory authorities by the non-profit organization, NOYB, run by Max Schrems. The aim of this Taskforce was to promote cooperation, information sharing, and best practices between the supervisory authorities.
Continue Reading EU-Cookie banner taskforce report: what you need to know
A sigh of relief? EU-US data transfers
At the end of 2022, the European Commission published its draft adequacy decision on the EU-US transfers of personal data. The draft contains an assessment of the US legal framework around state surveillance. Once in place, EU data transfers to the US under the new Data Privacy Framework (“EU-US DPF”) will be free. However, there are still some steps to take.
Get your Update on IT & Data Protection Law in our Newsletter (Fall 2022 Edition)
The Fall 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
English version
Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Fall 2022 Edition)
Transatlantic Data Flows – Chapter 3: The EU-U.S. Data Protection Framework: A Summary of the U.S. Executive Order issued on Oct. 9 and its immediate and future effects
At a Glance:
On Oct. 7, 2022, U.S. President Joe Biden issued Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities’ (“Executive Order” or “EO”). It is described by the U.S. as “a durable and reliable legal foundation” and “that the new ’robust’ commitments contained in the executive order ’fully addresses’ the issues raised in the [EU] Court of Justice’s decision on Privacy Shield” (the “Schrems II ruling”). This Executive Order will form the basis for a new EU-U.S. Data Privacy Framework, aka Safe Harbor Framework v3 or Privacy Shield 2.0.
The issuance of the EO was a central part of the agreement in principle reached between the EU and the U.S. to address the issues raised in the Schrems II ruling. While most of the world waited for this Executive Order, we now all wait for the EU’s response as to whether or not this EO, once its requirements are implemented, suffices to lift the U.S. to an adequate level of data protection within the meaning of Art. 45 GDPR. Even before full implementation of the procedural aspects of the EO, the Executive Order will have a positive impact on data transfers given that the surveillance must be conducted in a proportionate manner that takes into account the impact to privacy and civil liberties of all persons, assuming the EU will be designated as a “qualifying state” by the U.S. Attorney General under the EO.
Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)
The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)
New rules to strengthen and better enforce consumer rights in Germany and the EU
Introduction and Overview
The year 2022 is one of major changes to consumer protection laws in Germany and the EU, namely:
- Changes in connection with digital products and corresponding new provisions for the sale of consumer goods took effect on 1 January 2022 (see our earlier Reed Smith Client Alert Part I).
- New consumer protection rules regarding automatic renewal and notice periods took effect in March 2022.
- Requirements regarding termination buttons will come into force on 1 July 2022 (see our earlier Reed Smith Client Alert Part II).
Continue Reading New rules to strengthen and better enforce consumer rights in Germany and the EU