General Data Protection Regulation (GDPR)

U.S. companies thinking about falling back on “disproportionate” effort for access requests under the new U.S. privacy laws because they require compiling too many documents should think again.

The Berlin

Continue Reading Don’t Expect to Easily Claim ‘Disproportionate’ Effort When Responding to US Data Access Requests

The United Kingdom’s Information Commissioner’s Office recently issued guidance on how to keep employment records.

This is good advise for employers beyond Europe (and particularly in California). The data

Continue Reading Information Commissioner’s Office Issues Guidance on How to Keep Employment Records: What You Need to Know

A cookie is not just a cookie, according to the European Data Protection Board. It’s also similar technologies, and access and Internet of Things (IOT).

Here are some key takeaways

Continue Reading A Cookie Is Not Just a Cookie: EDPB Issues Draft Guidelines on Art 5(3) ePrivacy Directive

Providers in the mobility space take note.

The Estonian Data Protection Inspectorate, Andmekaitse Inspektsioon, conducted a short term vehicle rental sweep that could be important in light of a declared

Continue Reading What Can Estonia’s Short Term Vehicle Rental Sweep Teach Us About California?

Ireland’s Data Protection Commission has fined Meta €1.2 billion.

What, however, did the commission say in the case about using Art 49 derogations for transfers to the U.S.?

An overview:

Continue Reading Ireland’s Data Protection Commission, Meta and Art 49 Derogations: An Overview

The European Parliament has voted against a U.S. adequacy decision under the proposed EU-U.S. Data Privacy Framework.


  • Bulk collection: The framework still allows for bulk collection of personal data
Continue Reading European Parliament Says No to Personal Data Transfers With US Under Current Rules