On 11 March 2024, following an investigation, the European Data Protection Supervisor (EDPS) announced that the European Commission’s (Commission) use of a major software company infringes the data protection law for EU institutions, bodies, offices and agencies (Regulation (EU) 2018/1725). In particular, the EDPS found that the Commission had

Continue Reading Europe: EDPS finds that the European Commission has infringed data protection rules

Background

March 2023 saw the launch of the European Data Protection Board’s (EDPB’s) second coordinated enforcement action (CEF 2023), which focused on the designation and position of Data Protection Officers (DPOs). Data Protection Authorities (DPAs) across the EEA have launched coordinated investigations into this topic. In particular

Continue Reading Europe: EDPB coordinated enforcement action identifies areas of improvement to promote the role and recognition of DPOs

On 27 November 2023, the Council formally adopted the final version of the regulation on harmonised rules on fair access to and use of data (“Data Act”), after the European Parliament had adopted the Data Act earlier this month.

Drafted with the objective of fostering innovation and facilitating the sharing of data between

Continue Reading EU: EU formally adopts ‘Data Act’

UK Extension

Following the European Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF) (for further information see here), the UK Government has announced that from 12 October 2023, organisations in the UK can transfer personal data to US organisations certified to the “UK Extension to the EU-US Data Privacy Framework

Continue Reading UK: EU-UK Data Privacy Framework Extension