This is Part 3 in a series of articles on the European Health Data Space (“EHDS“). Part 1, which provides a general overview of the EHDS, is available here. Part 2, which deals with the requirements on the manufacturers of EHR-Systems under the EHDS, is available here.
This article provides an
Continue Reading EU: EHDS – Access to health data for secondary use under the European Health Data SpaceThe European Data Protection Board (“EDPB“) adopted an opinion on 7 October 2024, providing guidance for data controllers relying on processors (and sub-processors) under the GDPR. The two key themes are:
For many financial institutions, the emphasis on these obligations should not come as a
Continue Reading EU: Engaging vendors in the financial sector: EDPB clarifications mean more mapping and management
October has already been a busy month for the Court of Justice of the European Union (“CJEU”), which has published a number of judgments on the interpretation and application of the GDPR, including five important decisions, all issued by the CJEU on one day – 4 October 2024.
This article provides an overview
Continue Reading EU: CJEU Insight
Introduction
In its judgement of 04 October 2024 (C-21/23), the European Court of Justice (“ECJ”, “Court”) ruled, that the provisions of Chapter VIII of the GDPR, do not preclude national rules which grant undertakings the right to rely, on the basis of the prohibition of acts of unfair competition
Continue Reading EU: ECJ rules that competitors are entitled to bring an injunction claim based on an infringement of the GDPR.
Introduction
The subject of “legitimate interests” and in particular whether they can be “purely commercial” has been a topic of front and center stage debate in the Netherlands for some time. The Dutch data protection authority (AP) has historically interpreted the concept of legitimate interest narrowly, taking the position that organisations
Continue Reading EU: CJEU Confirms that Legitimate Interests can cover purely commercial interests
In the much anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s schedule for the next year. Six years on from the implementation of the
Continue Reading UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?
The EU Data Act is one of the cornerstones of the EU’s Data Strategy and introduces a new and horizontal set of rules on data access and use to boost the EU’s data economy. Most of the provisions of the Data Act will become applicable as of 12 September 2025. To assist stakeholders in the
Continue Reading EU: Data Act Frequently Asked Questions answered by the EU Commission
Summary
In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative action under Article 80(2) GDPR.
Facts of the case
Meta Platforms Ireland Limited (“
Continue Reading Europe/Germany: Right to bring collective action for violations of information obligations under GDPR
This is Part 2 in a series of articles on the European Health Data Space (“EHDS“). Part 1, which provides a general overview of the EHDS, is available here.
Alongside the better-known provisions of the EHDS dealing with secondary use of health data, the draft Regulation also sets out specific technical requirements
Continue Reading Requirements of EHR systems under the European Health Data SpaceIn March 2024, the Council of the European Union and the European Parliament reached a deal on a provisional agreement for the European Health Data Space (“EHDS”) regulation as part of the broader EU data strategy. The Council of the European Union published the compromise text of this agreement as a work-in-progress, providing
Continue Reading The European Health Data Space – What lies ahead?
