We first published this alert in May 2020 and we’re updating it from time to time with more questions and developments. Introduction As lockdown restrictions have changed in some countries, many companies have been dealing with partial returns to company premises or so-called hybrid working where employees work from company premises and at home. Obviously Read more »
EU Data Protection – glossary
We’ve put together this glossary to help explain some of the terms used in data protection and in GDPR. If there’s a term you think we should add let us know. AVG = Algemene Verordening Gegevensbescherming, the term used sometimes for GDPR in the Netherlands (although increasingly GDPR is used too there). Adequacy Decision = Read more »
French Regulator CNIL Fines Data Controller and Data Processor for Security Breach & Sets Deadline for Cookies Compliance
What’s this about? Significantly for the first time, the French data protection regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL), has fined both a data controller and a data processor for the same data security breach. The CNIL has also set a deadline for website and mobile applications to meet cookies compliance. There Read more »
Life With GDPR: Episode 53-The KBR Document Production Decision
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, they take a look at the recent UK Supreme Court decision in the KBR document production case. KBR succeeded in its UK Supreme Court battle with the Serious Fraud Office (SFO). The case Read more »
UK Post-Brexit & Product Regulatory Compliance: Liability, Safety, Withdrawal & Conformity
What’s this all about? A key highlighted feature of the deal between the UK and the EU in the Trade and Cooperation Agreement (“TCA”) is that as of 1 January 2021 there will be zero tariffs or quotas applied to trade in goods between the UK and the EU (where those goods satisfy so-called “rules Read more »
Client Alert: Norwegian DPA to fine Grindr for sharing sensitive information without consent
At the end of last month The Norwegian Data Protection Authority, Datatilsynet, notified dating app Grindr LLC (Grindr) of its intention to fine the company NOK 100 000 000 (around €10 million) for unlawfully sharing highly sensitive information and, in particular, for not complying with the GDPR rules on consent. The notice came off the Read more »
SCCE 9th Annual European Compliance & Ethics Institute Amsterdam, Netherlands – 15-17 March 2021
Jonathan Armstrong will be speaking at a panel at the SCCE 9th Annual European Compliance & Ethics Institute on 17 March. The event was scheduled to be held in Amsterdam but will now be held virtually. Crisis Management: Practical Tips for the Compliance Professional When it Goes Wrong Full program is here https://www.corporatecompliance.org/conferences/national/european-compliance-and-ethics-institute/agenda The Panel Read more »
Draft EU Adequacy Decisions issued for the UK
What’s this all about? Today the European Commission announced that it was satisfied with the UK data protection regime post-Brexit and it has issued draft “Adequacy Decisions” for the UK. The European Commission said that it had analysed the UK’s situation over the past few past months, including UK rules on access to data by Read more »
European Data Protection Board GDPR & Consent Guidelines – Cookie Walls & Scrolling/Swiping
Introduction The European Data Protection Board (‘EDPB’) recently issued guidelines that revise the previous EU WP29 guidelines about consent under GDPR entitled ‘Guidelines 05/2020 on consent under Regulation 2016/679’ (‘the guidelines’). This article looks at the key revision clarifications, which concern ‘freely given consent’ and ‘cookie walls’, and ‘scrolling/swiping’. What’s this all about? Under GDPR Read more »
Episode 201: Loose Emails Sink Ships
TechLaw 10 hosts Jonathan Armstrong and Eric Sinrod discuss legal issues related to information technology. In this edition Eric and Jonathan consider how emails can be incriminating and draw on current topical examples from the world of American politics. They caution that deleted emails can be retrieved and that emails are the perpetual witness to wrongdoing. Read more »