On 7 March 2024, the Court of Justice of the European Union (CJEU) issued its judgment in the Endemol Shine case (C-740/22), holding that the concept of ‘processing’ under the GDPR includes the oral disclosure of personal data.

In its judgment, the CJEU not only provided clarity on the definition of “processing”

Continue Reading EU: CJEU confirms oral disclosures are considered ‘processing’ under the GDPR

In the evolving legal landscape of data protection, several decisions by data protection regulators and courts across the EU and UK underscore the importance of proactive GDPR compliance from a contractual perspective. These issues are being scrutinised more closely in corporate due diligence transactions and by regulators in the event of a data breach or

Continue Reading EU and UK: The importance of data processing agreements

In good news, on 22 March 2024, the Cyberspace Administration of China (“CAC”) finalised long-awaited guidelines setting out exemptions to some of the more challenging cross-border data transfer (“CBDT”) compliance requirements (“Guidelines”). As well the exemptions, there are updated filing templates for those still falling outside the exemptions; and

Continue Reading CHINA: Cross Border Data Transfer Requirements – exemptions now available

Overview

On February 21, 2024, the California Attorney General (CA AG) announced that it had reached a settlement with DoorDash over allegations that the company failed to comply with “sale” requirements under the California Consumer Privacy Act (CCPA) and disclosure requirements under the California Online Privacy Protection Act (CalOPPA). The settlement requires DoorDash to pay

Continue Reading California Attorney General Settles with DoorDash over Alleged Sale of Personal Information

Background

March 2023 saw the launch of the European Data Protection Board’s (EDPB’s) second coordinated enforcement action (CEF 2023), which focused on the designation and position of Data Protection Officers (DPOs). Data Protection Authorities (DPAs) across the EEA have launched coordinated investigations into this topic. In particular

Continue Reading Europe: EDPB coordinated enforcement action identifies areas of improvement to promote the role and recognition of DPOs

In 2010, Congress included a provision in the Consumer Financial Protection Act (CFPA) requiring that the Consumer Financial Protection Bureau (CFPB or Bureau) promulgate rules effectuating what is commonly referred to as “Open Banking.”   Specifically, the rules would require any entity that engages in offering or providing a consumer financial product or service to make

Continue Reading US: Open Banking Regulation Arrives in the US

After several failed attempts in recent decades to summarize and codify the data protection provisions relating to employees and other workers in a single Employee Data Protection Act, the current government is once again attempting to do so.

Current legal situation in Germany

Currently, employee data protection in Germany is largely determined by case law.

Continue Reading Germany: New legislative procedure for an Employee Data Protection Act

Author: Carolyn Bigg, Amanda Ge, Venus Cheung, Gwyneth To

With 2023 having come to an end, the fast-paced changes to the China data protection regime throughout the year are continuing well into Q1 2024.

As well as a near finalisation of the different routes to legitimise cross-border data transfers, the Cyberspace

Continue Reading CHINA: data protection regulations – a lookback at 2023 developments

Authors: James Clark and Verena Grentzenberg

The Court of Justice of the European Union (CJEU) has delivered an important judgment on the scope and interpretation of the ‘automated decision-making’ framework under the GDPR.  It is a decision that could have significant implications for service providers who use algorithms to produce automated scores, profiles

Continue Reading EU: Significant new CJEU decision on automated decision-making

On 27 November 2023, the Council formally adopted the final version of the regulation on harmonised rules on fair access to and use of data (“Data Act”), after the European Parliament had adopted the Data Act earlier this month.

Drafted with the objective of fostering innovation and facilitating the sharing of data between

Continue Reading EU: EU formally adopts ‘Data Act’