The CNIL Announces Its 2019-2020 Action Plan on Ad Targeting

By Cédric Burton, Jan Dhont, Rossana Fol & Josephine Jay on July 10, 2019

On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan);1 among other things, the CNIL announced that it will issue new cookie guidance later this month and that, once the guidance is published, companies will have a 12-month grace period to come into compliance. Background When the General Data Protection Regulation (GDPR) became effective on May 25, 2018, it imposed stricter conditions for obtaining…

The WSGR Data Advisor

And Then There Were None: Or How Schrems 2.0 May Invalidate the Standard Contractual Clauses and the Privacy Shield

By Jan Dhont, Cédric Burton, Christopher Kuner & Nikolaos Theodorakis on July 8, 2019

On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard Contractual Clauses (SCCs) and the EU-US Privacy Shield. Both of these mechanisms are widely used by companies in the European Economic Area (EEA), which comprises the 28 EU member states plus Iceland, Liechtenstein, and Norway, to allow the transfer…

The WSGR Data Advisor

The EU Cybersecurity Act Introduces Certifications and the New Cybersecurity Agency

By Cédric Burton, Jan Dhont & Nikolaos Theodorakis on July 3, 2019

On June 27, 2019, the EU Regulation on Information and Communication Technology (Cybersecurity Act or Act) became effective introducing, for the first time, EU-wide rules for the cybersecurity certification of products and services (Certification). The Certification may create a competitive advantage for companies that sell their products and services in the EU. Further, the Certification may act as a catalyst to the anticipated certifications for GDPR-compliance. In addition, the Cybersecurity Act provides for a new…

The WSGR Data Advisor

Belgian Facebook Case Referred to the European Court of Justice

By Laura Brodahl & Jan Dhont on May 13, 2019

On May 8, 2019, the Brussels Court of Appeal referred the Belgian Data Protection Authority’s (DPA) case against Facebook to the European Court of Justice (CJEU) to address jurisdictional issues regarding which DPA is competent to bring enforcement actions against Facebook. The case deals with Facebook’s collection of individuals’ data through cookies stored in Facebook’s social plugins. The Belgian DPA alleges that Facebook’s data collection is unlawful as it lacks valid consent and does not…

The WSGR Data Advisor

Belgian Data Protection Authority Is Up and Running

By Laura Brodahl, Laura De Boel, Jan Dhont & Cédric Burton on April 26, 2019

On April 25, 2019, the new chairman and the four directors of the new Belgian data protection authority were sworn in before the Belgian Parliament. This marks a new era for data protection law in Belgium. Background Following the effective date of the General Data Protection Regulation (GDPR) on May 25, 2018, the Belgian Privacy Commission was restructured into a Supervisory Authority under the GDPR, thus becoming the Belgian Data Protection Authority. It was given…

The WSGR Data Advisor

The French Data Protection Authority Announces Stricter Enforcement

By Cédric Burton, Jan Dhont & Rossana Fol on April 17, 2019

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda. The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR compliance and make full use of its enforcement powers, including the power to fine. Background As of May 25, 2018, the…

The WSGR Data Advisor

EDPB Opinion on Consent and Legal Basis in Clinical Trials

By Cédric Burton, Jan Dhont, Lore Leitner & Elli Laine on February 6, 2019

On January 23, 2019, the European Data Protection Board (EDPB) issued an opinion (Opinion) on the interplay between the Clinical Trial Regulation (CTR) and the General Data Protection Regulation (GDPR), an issue which has been the subject of intense debate and that resulted in a draft, and still non-public, FAQ prepared by the EU Commission. The Opinion comments on the draft FAQ and provides some insight on data protection regulators’ view on how…

Jan Dhont

The CNIL Announces Its 2019-2020 Action Plan on Ad Targeting

And Then There Were None: Or How Schrems 2.0 May Invalidate the Standard Contractual Clauses and the Privacy Shield

The EU Cybersecurity Act Introduces Certifications and the New Cybersecurity Agency

Belgian Facebook Case Referred to the European Court of Justice

Belgian Data Protection Authority Is Up and Running

The French Data Protection Authority Announces Stricter Enforcement

EDPB Opinion on Consent and Legal Basis in Clinical Trials

Company

Support

New to the Network