With the Cyberspace Administration of China’s (“CAC”) release last week of the Guidelines for Filing of Standard Contracts for Cross-border transfers of Personal Information (“Guidelines”), organisations processing Mainland China personal data must now turn their attention to the China Standard Contractual Clauses (“China SCCs”) route for legitimizing their cross-border…

Decision could imperil other companies’ transatlantic transfers as well

By: John Magee, Andrew Dyson, James Sullivan, Andrew Serwin, Claire O’Brien & Rachel De Souza

The Irish Data Protection Commission (DPC) has published a decision that could impact the ability of thousands of companies to move personal data from the European Economic Area (…
Continue Reading Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

On 26^th April, the General Court of the European Union (EGC), published its judgment in Case T-557/20, Single Resolution Board (SRB) v European Data Protection Supervisor (EDPS), in relation to the threshold between pseudonymous and anonymous data.

The EGC held that pseudonymised data transmitted to a data…
Continue Reading Europe: EU General Court Clarifies When Pseudonymized Data is Considered Personal Data

On 4 May 2023, European Court of Justice (“CJEU”) delivered its judgment regarding the interpretation of Article 82 of the General Data Protection Regulation (“GDPR”). The CJEU held that mere infringement of the GDPR does not give rise to a right to compensation. However, there is no requirement for the non-material…
Continue Reading Europe: CJEU holds that mere infringement of the GDPR does not give rise to a right to compensation

Authors: Verena Grentzenberg and Katja-Maria Harsdorf

On 20 April 2023, the Advocate General (“AG”), Nicholas Emiliou, published his Opinion in the case of FT v DW, (C-307/22). In particular, the AG took the view that Art. 12(5) and Art. 15(3) GDPR must be interpreted as requiring a data controller to provide the…
Continue Reading Europe: Advocate General delivers Opinion on the right of access for purposes unrelated to data protection

Authors: Coran Darling and Rachel De Souza

On 29 March 2023, the UK Government (“Government”) published its long-awaited white paper (“Paper”), setting out the Government’s proposals to govern and regulate artificial Intelligence (“AI”). Headed “A Pro-Innovation Approach”, the Paper recognises the importance of building a framework that…
Continue Reading UK: Information Commissioner publishes response to new AI White Paper

By John Magee, Emer McEntaggart, Eilis McDonald, Nicole Fitzpatrick, Sarah Dunne, David Brazil & Christopher Connell

The Data Protection Commission (DPC) has published its 2022 Annual Report, highlighting the DPC’s progress on (i) ongoing large-scale inquiries (in particular against social media platforms), (ii) defence of cross-border decisions, and (iii) increased interaction with…
Continue Reading Ireland: DPC Produces “Significant Outputs” for 2022 Concluding 17 Large Scale Inquiries