The European Commission (the “Commission”) announced its plans to open a public consultation on the new Standard Contractual Clauses (“SCCs”) in the fourth quarter of 2024. The new SCCs will address the scenario where the data importer (controller or processor) is based outside of the European Economic Area (“EEA”) but is directly subject to the

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy.Continue Reading Cybersecurity preparedness: What guidance to follow?

The Summer 2023 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version
German versionContinue Reading Get your Update on IT & Data Protection Law in our Germany Newsletter (Summer 2023 Edition)

Please click here to access the source post from our Global Regulatory Enforcement Law Blog.

In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR). Recently

If you can remember as far back as December 2021, we published a blog post announcing that the European Data Protection Board (EDPB) published draft guidelines on the interplay between the territorial scope of the GDPR and the international transfer requirements. Following what must have been an extensive consultation, we are pleased to report that those guidelines were finally finalised on 14 February 2023 (here) and, are even more pleased to report that they contain some very useful illustrations to help you make sense of the concept of international data transfers.Continue Reading The EDPB makes its mind up about transfers

The winter 2023 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German versionContinue Reading Get your update on IT & data protection law in our newsletter (Winter 2023 edition)

On the 18th of January, the EDPB published the adopted report of the work undertaken by the Cookie Banner Taskforce. The Cookie Banner Taskforce was established in September 2021 in accordance with article 70(1) (u) GDPR to coordinate the response to complaints concerning cookie banners filed with several supervisory authorities by the non-profit organization, NOYB, run by Max Schrems. The aim of this Taskforce was to promote cooperation, information sharing, and best practices between the supervisory authorities.Continue Reading EU-Cookie banner taskforce report: what you need to know

On 6 October 2022, the Advocate General (Campos Sánchez-Bordona) issued his opinion in UI v Österreichische Post AG on the interpretation of the rules on civil liability under the GDPR .

He concluded that a data subject must have suffered harm in order to claim compensation, and that breach of the GDPR alone was not sufficient.  There is also a distinction to be drawn between mere upset (which does not give rise to a right for compensation) and non-material damage (which does).Continue Reading ‘Mere upset’ insufficient for compensation under the GDPR

Meta-owned Instagram has been fined €405 million by the Irish Data Protection Commission (DPC) for violations of the EU General Data Protection Regulation (GDPR), following a two year investigation into how the social media platform handles children’s data. This is the largest fine imposed by the DPC to date. Below, we highlight some of the key issues arising in the case.Continue Reading Irish DPC fines Instagram a record €405 million