Davinia Brennan

Photo of Davinia Brennan

Latest Articles

The EDPB has published information notes on Data Transfers under the GDPR in the Event of a No-Deal Brexit, and on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority to help organisations prepare for a no-deal Brexit. The information notes build on guidance already issued by the UK ICO and Irish Data Protection Commission (discussed here). The Information Note on Data Transfers warns, once again, that the UK will be a ‘third…
The European Data Protection Board (EDPB) has published its work program for the next two years. The program lists the guidelines, consistency opinions, and other types of activities the EDPB intends to carry out. The program is based on the needs identified by the EDPB as priority for individuals, stakeholders, as well as the EU legislator planned activities. The Guidelines due to be published over the coming two years include: Guidelines on reliance on Art.…
The European Data Protection Board (EDPB) has adopted an Opinion (3/2019) on the interplay between the EU Clinical Trials Regulation (536/2014) (CTR) and the GDPR, following a request from the European Commission to review its Q&A on the topic. The CTR, which is expected to enter into force in 2020, aims to harmonise the rules for conducting clinical trials throughout the EU. It does not contain any derogations from the GDPR and will therefore apply…
The European Commission has published an infographic on compliance with and enforcement of the GDPR since from May 2018 to January 2019. The infographic reveals some interesting statistics, including: 95,180 complaints have been made to EU national data protection authorities (DPAs) by individuals who believe their rights under the GDPR have been violated. The majority of these complaints concerned telemarketing, promotional emails, and video surveillance/CCTV.…
It looks unlikely that the draft e-Privacy Regulation will come into effect before 2021. European Council negotiations on the text of the draft Regulation are currently ongoing, and trilogue discussions by the Council, Parliament and Commission will then take place. However, the upcoming May 2019 European elections may lead to a delay in the Council adopting a common position and the trilogue discussions commencing. In addition, the latest draft text of the Regulation, published by…
The European Commission has adopted an adequacy decision on Japan, creating the world’s largest area of safe data flows. The decision means that EU organisations can transfer personal data to organisations in Japan, without having to put in place a transfer mechanism laid down in Chapter 5 of the GDPR (such as the Commission’s standard contractual clauses or Binding Corporate rules). Japan has adopted an equivalent decision, making it simpler for Japanese organisations to transfer personal…
The Government has published its Legislation Programme for Spring 2019. Preparing for Brexit is the central feature of the Spring Legislation Programme (which covers the period January-March 2019). The Brexit omnibus bill, the Miscellaneous Provisions (Withdrawal of the United Kingdom from the European Union on 29 March 2019) Bill, is the primary item in the Spring Programme. The Brexit omnibus bill comprises vital legislation across 17 elements that will need to be enacted prior to…
The Data Protection Commission (DPC) has issued guidance in relation to the transfer of personal data to and from the UK in the event of a ‘no deal’ Brexit. The DPC’s guidance is in line with the ‘no deal’ Brexit guidance published on 13 December 2018 by the UK Government (supplementing its September 2018 Technical Note) and by the UK Information Commissioner’s Office (ICO).  Some highlights of the guidance issued by the Irish and…
The European Commission has published its Report and Staff Working Document on the second annual review of the Privacy Shield. The Report concludes that the U.S. continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to the 3850 participating companies in the U.S. It notes that the steps taken by the U.S. authorities to implement the recommendations made by the Commission in last year have…
The DPC has published guidance for drivers concerning their data protection responsibilities when using dash cams. Images and audio recordings captured by dash cams constitute ‘personal data‘ insofar as they relate to an identifiable individual and are therefore subject to the GDPR and Data Protection Act 2018. Actions to take In order to comply with the GDPR, in particular, the transparency, purpose limitation, data minimisation, storage limitation and security requirements, as well as individuals’ access…