Never one to miss a bandwagon, the European Commission has published three documents to mark the first year of GDPR: a Eurobarometer survey on data protection (Eurobarometer Survey); a multi-stakeholder expert group (MEG Report); and guidance on the free flow of non-personal data within the EU (reported on here). We set out some of the … Continue Reading
The new Regulation (EU) 2018/1807 on a framework for the free flow of non-personal data in the EU (Free Flow of Non-Personal Data Regulation), which we discussed in a previous blog, became applicable from 28 May 2019. Together with the General Data Protection Regulation (EU) 2016/679 (GDPR), the two regulations now provide a “comprehensive framework … Continue Reading
On 12 March 2019, the European Parliament issued its first position on the text proposed by the European Commission for a Regulation of the European Parliament and of the Council on ENISA (the European Union Agency for Network and Information Security), also known as the EU Cybersecurity Act. Initiatives to build strong EU-wide cybersecurity The … Continue Reading
On February 14, 2019 the European Commission, European Parliament and Council of the European Union agreed to implement new rules designed to ensure a fair, transparent and predictable business environment to the benefit of both end consumers and entrepreneurs using third-party online platforms for their business. The Council and European Parliament will adopt these new … Continue Reading
On 23 January 2019, the European Commission adopted an adequacy decision for Japan, with immediate effect. The decision certifies Japan as having a comparable level of data protection to that of the European Union. On the same day, Japan adopted an equivalent decision regarding the EU’s data protection regime. This is the first example of … Continue Reading
In April 2018 the European Commission (Commission) published its Communication on the digital transformation of health and care in the Digital Single Market (Communication). The Commission outlined the need for reforms to health care systems and the development of innovative digital solutions. On 6 December 2018, the European Economic and Social Committee (EESC) published its … Continue Reading
On 22 June 2018, the European Commission published a factsheet that provides a visual summary of the actions taken to date to implement its Digital Single Market strategy. The Digital Single Market strategy refers to the European Commission’s mission to ensure access to online activities for individuals and businesses under conditions of fair competition, consumer … Continue Reading
On 5 July 2018, the European Parliament demanded in a resolution that the European Commission suspends its EU-U.S. Privacy Shield unless the U.S. administration introduces adequate data protection safeguards by 1 September 2018. The Privacy Shield agreement is aimed at facilitating data transfers of EU personal data to the United States. The non-binding resolution was … Continue Reading
You may well remember our blog from last year which outlined the Commission’s proposal for a framework in relation to the free flow of non-personal data in September 2017 (you can view our blog here). On 19 June 2018, the European Parliament, Council and the European Commission reached a political agreement on the rules that … Continue Reading
Background On 22 November 2017, the Court of Justice of the European Union (“CJEU”) gave judgment in a case taken by the not-for-profit company, Digital Rights Ireland Limited (“DRIL”). DRIL sought an annulment of the European Commission’s Privacy Shield decision. This decision states that the US ensures an adequate level of protection for personal data … Continue Reading
The European Commission has issued a proposal for a new Regulation on the free flow of non-personal data (“the Proposal”). Background The Commission adopted a Communication in January 2017 on “Building a European Data Economy”, in which its work on free flow of data was announced in the context of actions to enhance the data … Continue Reading
“A year from now, the European Union will start benefiting from the new data protection standards.” This week, the European Commission’s most senior voices gave an official statement promoting the benefits of the new General Data Protection Regulation (GDPR). Andrus Ansip (Vice-President) and Věra Jourová (Commissioner) of the European Commission aimed their statement at all … Continue Reading
The European Commission has imposed a fine of EUR110 million (US$122 million) on Facebook for providing misleading or incorrect information to the European Commission when it filed the acquisition of WhatsApp for merger approval in 2014. In the notification, Facebook stated that it would be unable to establish a reliable automated matching between Facebook users’ … Continue Reading
Google has announced that the EU data protection authorities have reviewed and confirmed its Google Cloud services’ contractual commitments as fully compliant with the EU requirements for transferring personal data to third countries outside the European Economic Area (“EEA”). Model contract clauses The review was carried out in line with Working Paper 226 (‘WP 226’). … Continue Reading
On 26 July, the Article 29 Data Protection Working Party (WP29) released a statement outlining its opinion on the EU-U.S. Privacy Shield, which was adopted by the European Commission earlier this month. After praising the improvements implemented by the Commission and U.S. authorities since its last critical opinion, the WP29 outlined some remaining concerns, including … Continue Reading
On 5 July, the European Commission (“EC”) published a communication outlining measures to improve resilience to cyber incidents, improve cooperation and information sharing, and promote innovation and competition in the European cybersecurity industry. The communication highlights the EC’s intention to take cooperation, knowledge, and capacity to the next level, particularly through the imminent introduction … Continue Reading
Following a positive vote from the Article 31 Committee on 8 July, the EU-US Privacy Shield was formally adopted on 12 July and will enter immediately into force in the EU. In the U.S. the Privacy Shield will be published in the Federal Register, becoming effective on 1 August and will be operated by the … Continue Reading
Mobile health or ‘mHealth’ applications commonly raise complex privacy issues as a result of processing large amounts of sensitive personal data. Following the publication of its Green Paper on the topic in 2014, the European Commission has recently published a draft code of conduct on privacy for mobile health applications (‘the code’). The code provides … Continue Reading
On 25 May 2016 the European Commission published draft legislation aimed at restricting the use of geoblocking and similar practices by websites selling to into the European Union. The European Commission has published a draft regulation aimed at restricting traders from blocking access to websites by customers from other European countries, preventing geographic discrimination through use … Continue Reading
The European Commission (EC) recently proposed the European Cloud Initiative (ECI): a plan to create a world-class data infrastructure to store, manage, transport and process data at high speeds. The primary aims are to support establishment of the ‘Digital Single Market’ in Europe, improve Europe’s position in data-driven innovation, and improve competitiveness and inspire cohesion … Continue Reading
The EU-U.S. data protection Umbrella Agreement consists of a framework of principles and safeguards for trans-Atlantic transfers of personal data (such as criminal records, names and addresses) in relation to the prevention, detection, investigation and prosecution of criminal offences, including terrorism. The agreement seeks to satisfy two core objectives: first, to ensure a high level … Continue Reading
The European Commission (the executive of the EU) recently published the initial findings of its e-commerce inquiry, an investigative process conducted to determine whether and to what extent competition is being restricted or distorted in the sector. The inquiry focused on geo-blocking, a commercial practice whereby online providers block user access to the purchasing of … Continue Reading
Pursuant to its Digital Single Market strategy and adoption of the General Data Protection Regulation (GDPR), the European Commission (EC) has launched a public consultation on the revision of Directive 2002/58/EC, better known as the ePrivacy Directive. Its intention is to bring the existing legal framework up to date “with the challenges of the digital … Continue Reading
On 13 April, the Article 29 Data Protection Working Party (‘WP29’) published its opinion on whether the proposed Privacy Shield programme, which is intended to replace the now-invalid Safe Harbor pact for facilitating trans-Atlantic data flows, achieved an adequate level of protection. The WP29 acknowledged that many of the shortcomings of Safe Harbor have been … Continue Reading
