General Data Protection Regulation (GDPR)

It’s beginning to look a lot like (a Schrems II solution by) Christmas.

“A revised mechanism allowing companies to transfer Europeans’ data around the world may be ready before Christmas,” said EU digital chief Margrethe Vestager.

“My colleagues Vera Jourova and Didiers Reynders are working very, very hard to look at standard contractual clauses, at

Key Takeaways

  • Particularly

The Data Protection Authority of Rhineland-Palatinate, Germany has issued FAQs on Schrems II, weighing in on the EU-U.S. Privacy Shield and Standard Contractual Clauses. The guidance comes on the heels of FAQs issued recently by Baden-Wuerttemberg’s DPA.

Here’s what the Rhineland-Palatinate authority says about EU-U.S. Privacy Shield:

Privacy Shield

  • The EU-U.S. Privacy Shield can no

In a detailed report titled “Ethics of Connected and Automated Vehicles,” the European Commission sets out key data protection recommendations

Connected and Automated Vehicles (CAVs) are vehicles that are both connected and automated and display one of the five levels of automation according to SAE International’s standard J3016, combined with the capacity to receive and/or

“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,”  say Alessandra Pierucci, Chair of the Committee of Convention 108

The Data Protection Authority of Lower Saxony, Germany, has offered guidance on protecting data collected in the course of autonomous vehicle training.

  • Training recordings may be processing of personal data if the pictures include faces or license plates which are recognizable.
  • In order to effectively train the autonomous vehicle systems you need to collect training

Blockchain and data protection: A report issued by the Law Society and Tech London Advocates & Global Tech Advocates highlights the extent of unknowns in a series of questions posed for the UK Information Commissioner’s Office.

  • What does “all means reasonably likely to be used” mean under Recital 26 of the General Data Protection Regulation

The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include:

  • Controller and processor obligations
  • Right of correction
  • Provisions regarding profiling

On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC)  has determined that the U.S.-Swiss Privacy Shield does not meet the “requirements of adequate data protection as defined by the FADP (Swiss Federal Act on Data Protection).” It issued a policy