EDPB Releases Statement on Interoperability of Contact Tracing Apps
On June 16, 2020, the European Data Protection Board (the “EDPB”) released a statement on the data protection impact of the interoperability of contact tracing apps within the EU (the “Statement”). The...
View ArticleVermont’s Amendments to Data Breach Law and New Student Privacy Law Effective...
On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act The...
View ArticleFrench Highest Administrative Court Partially Annuls CNIL Cookie Guidelines
On June 19, 2020, France’s Highest Administrative Court (the “Conseil d’Etat”) issued a decision partially annulling the guidelines of the French Data Protection Authority (the “CNIL”) on cookies and...
View ArticleSouth Africa’s Protection of Personal Information Act, 2013, Goes into Effect...
Zeyn Bhyat of ENSafrica reports that on June 22, 2020, it was announced that South Africa’s comprehensive privacy law known as the Protection of Personal Information Act, 2013 (the “POPIA”) will become...
View ArticleChina Issues Draft Data Security Law
When compared to the EU or the U.S., China has lacked a comprehensive data protection and data security law that regulates in detail requirements and procedures relating to the collection, processing,...
View ArticleNew Dubai International Financial Centre Data Protection Law Comes into Effect
On July 1, 2020, the Dubai International Financial Centre (“DIFC”) Data Protection Law No. 5 of 2020 came into effect (“New DP Law”). Due to the current pandemic, a three-month grace period, running...
View ArticleEDPB Publishes Guidelines on the Concepts of Controller and Processor in the...
On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”)...
View ArticleBelgian DPA to Take Down Websites Infringing GDPR
On November 26, 2020, the Belgian Data Protection Authority (“Belgian DPA”) signed a cooperation agreement with DNS Belgium, the organization managing the “.be” country code top-level domain name. The...
View ArticleCIPL Submits Response to European Commission’s Article 28 Standard...
On December 10, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing...
View ArticleHunton Attorneys Publish Guidance Note on Changes to China’s Data Protection...
Hunton attorneys Dora Luo and Yanchen Wang recently published a new Guidance Note for OneTrust DataGuidance on China’s data protection laws. The Guidance Note provides an overview of recent changes to...
View ArticleCIPL Submits Response to European Commission’s Standard Contractual Clauses...
On December 10, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing...
View ArticleIrish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB...
On December 15, 2020, the Irish Data Protection Commission (“DPC”) announced its fine of €450,000 against Twitter International Company (“Twitter”), following its investigation into a breach resulting...
View ArticleEDPB Publishes Its 2021-2023 Strategy
On December 21, 2020, the European Data Protection Board (the “EDPB”) released its 2021-2023 Strategy (the “Strategy”). The Strategy aims at setting out the four main pillars of the EDPB strategic...
View ArticleCIPL Submits Response to the EDPB Guidelines 09/2020 on Relevant and Reasoned...
On November 23, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft...
View ArticleEDPB and EDPS Adopt Joint Opinions on Draft SCCs
On January 15, 2020, the European Data Protection Board (“EDPB”) and European Data Protection Supervisor (“EDPS”) adopted joint opinions on the draft Standard Contractual Clauses (“SCCs”) released by...
View ArticleUK Case Tests the Territorial Application of the GDPR to U.S. Run Website
The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation (“GDPR”) and represents the first UK judgment dealing with the...
View ArticleAPEC Endorses the First U.S. Non-Profit Accountability Agent
On January 26, 2021, BBB National Programs announced that it has been endorsed as an Accountability Agent for the APEC Cross-Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”)...
View ArticleCNIL Fines a Data Controller and Its Processor 225,000 Euros for Security...
On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for...
View ArticleCIPL Submits Response to European Commission’s Proposal for a Regulation on...
On February 5, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted a response to the European Commission’s (the “Commission’s”) public consultation on the...
View ArticleRegulatory Sandboxes are Gaining Traction with European Data Protection...
The concept of regulatory sandboxes has gained traction in the data protection community. Since the UK Information Commissioner’s Office (the “ICO”) completed its pilot program of regulatory sandboxes...
View Article