2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.
In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and
Continue Reading CJEU Insight
The European Data Protection Board has published new guidelines (14 November 2023) on the scope of Article 5(3) of the e-Privacy Directive – i.e., the so-called ‘cookie rule’.
These guidelines apply a maximalist interpretation to the cookie rule, meaning that a wide variety of technologies other than traditional cookies are, in the opinion of the
Continue Reading EU: New EDPB guidelines on the scope of the ‘cookie rule’
The arrival of NIS2 is only one year away. With significantly enhanced requirements around cybersecurity management extending across the supply chain, increased reporting obligations in the case of cyber breach, and personal liability for senior management, working out whether or not an organisation will be in scope for NIS2 will be an important question, instigating
Continue Reading EU: The NIS2 Enigma: who will be caught by the EU’s updated cyber requirements?Dear subscriber,
Thank you for subscribing and being a part of DLA Piper’s Data Protection, Privacy and Cybersecurity community. We appreciate your continued engagement with our insights and the evolving nature of the landscape.
Our goal for this blog is to help you navigate all aspects of data protection, privacy, and cybersecurity laws, while considering
Continue Reading We’re now seamlessly global. Here’s what to expect.Authors: Eleni Alexiou, Katharina Pauls
On 30 March 2023, the European Court of Justice (ECJ) ruled on the requirements for national legal bases regarding employee data protection in the context of a referral procedure. Based on its ruling, the German provision that gave rise to the referral procedure (Sec. 23 (1) sentence 1 of
Continue Reading Germany: ECJ ruling on employee data protection
Authors: Andreas Rüdiger, Philipp Adelberg
On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021).
Continue Reading EU: Final version of the EDPB-Guidelines 05/2021 on the Interplay between the application of Art. 3 and the provisions on international transfers as per Chapter V of the GDPR
Authors: Andreas Rüdiger, Philipp Adelberg
The debate on transatlantic data transfers, a possible adequacy decision for the US and the EU-US Data Privacy Framework (“DPF“) is gaining new momentum. On 14 February 2023, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs published its draft motion for a resolution regarding
Continue Reading EU – US adequacy decision: Update
Authors: Coran Darling, James Clark
In its proposed AI Regulation (“AI Act”), the EU recognises AI as one of the most important technologies of the 21st century. It is often forgotten, however, that AI is not one specific type of technology. Instead, it is an umbrella term for a range of
Continue Reading EUROPE: Data protection regulators publish myth-busting guidance on machine learningAuthors: Zoltán Kozma, Mark Almasy
The case involved the personal data processing
By: Heidi Waem, Simon Verschaeve
The European Commission today presented its second instrument in the European Data Strategy; a “Regulation on harmonised rules on fair access to and use of data”, better known as the Data Act. After the adoption of the Digital Governance Act (DGA) at the end of 2021, which essentially defines
Continue Reading EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’
