Data Protection Report

Data protection legal insight at the speed of technology

Latest from Data Protection Report - Page 2

Schrems II: recent developments – waiting is harder

By Marcus Evans (UK) & Janine Regan (UK)

September 9, 2020

In the immediate aftermath of the Schrems II judgement, Bruno Gencarelli (Head of the International data flows and protection unit at the European Commission) said that “Schrems II is data transfers from theory to practice”. There have been several major developments over the last couple of weeks (explained below) which show this to be an accurate assessment. Companies can no longer “do nothing” in the hope that the difficult implications will go away. Regulators are…

Data Protection Report

Algorithmic Decision-making and the UK ICO’s Guidance on AI

By Magdalene Lie (UK)

September 8, 2020

Algorithmic decision-making has been in the news of late. From Ofqual’s downgrading of students’ A-level results[1] to the complaint lodged by None of Your Business’ against the credit rating agency CRIF for failing (amongst other things) to be transparent about the reasons why a particular applicant had been given a negative rating[2]. We have been reminded of the potential backlash that could result from decisions that are perceived as incorrect or unfair…

Data Protection Report

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

By Lara White (UK) & Janine Regan (UK)

August 27, 2020

On 11 August 2020, the Court of Appeal (CA) handed down its judgement in the case of R (on the application of Edward BRIDGES) v The Chief Constable of South Wales Police. The court found that the use of automated facial recognition technology (AFT) by South Wales Police (SWP) was unlawful and did not comply with Article 8 of the European Convention on Human Rights (the right to respect for private and family life)…

Data Protection Report

An “enhanced” Privacy Shield is being negotiated – third time a charm?

By Lara White (UK) & Janine Regan (UK)

August 13, 2020

On 10 August, the European Commission and the US Department of Commerce confirmed that talks have begun between the EU and US for an “enhanced” Privacy Shield. This will be the third attempt to revise this framework, following the invalidation of Safe Harbor in 2015 and Privacy Shield in July 2020. Third time a charm? We’re not so sure. By way of recap, in Schrems II, the court made clear that Privacy Shield was…

Data Protection Report

Schrems II landmark ruling: our recommendations

By Marcus Evans (UK), Lara White (UK), Shiv Daddar (UK), Janine Regan (UK), David Kessler (US), Susan Ross (US) & Christoph Ritzer (DE)

July 27, 2020

On 16 July 2020, the Court of Justice of the European Union (CJEU) published its decision in the landmark case Data Protection Commissioner v Facebook Ireland Ltd, Maximilian Schrems and intervening parties, Case C-311/18 (known as the Schrems II case). While the EU-US Privacy Shield (Privacy Shield) has been completely invalidated, the Standard Contractual Clauses (SCCs) remain valid, but with strict conditions. Our recent briefing provides a detailed analysis on the judgement, but here are…

Data Protection Report

Schrems II: The US Perspective and where do we go from here?

By David Kessler (US) & Anna Rudawski (US)

July 21, 2020

Schrems II calls into question all transfers of personal information out of the EU that involve export to a country without an adequacy finding. While this affects countries in every region of the world, it does have particular ramifications for the US. US companies are likely to bear the brunt of this decision. First, because the underlying complaint concerns how Facebook transferred personal data to the US, Schrems II takes particular umbrage with US “mass”…

Data Protection Report

Schrems II landmark ruling: Privacy Shield is invalid, Standard Contractual Clauses are valid but court puts obligations on parties and authorities

By Marcus Evans (UK), Christoph Ritzer (DE) & Janine Regan (UK)

July 16, 2020

The Court of Justice of the European Union (CJEU) has today published its decision in the landmark case, known as Schrems II. While Privacy Shield has been completely invalidated, the Standard Contractual Clauses (SCCs) remain valid, but the court has emphasised obligations on the parties to the SCCs and Data Protection Authorities which have the potential to restrict when they can be used. Here is a very short first summary: Privacy Shield is invalid. This…

Data Protection Report

Germany’s Federal Supreme Court Provisionally Confirms Facebook Alleged Abused Dominant Market Position

By Christoph Ritzer (DE) & Tim Schaper

July 16, 2020

Facebook’s extensive collection of user-related data must be put on hold in Germany for the time being following a decision of Germany’s Federal Supreme Court on June 23, 2020. In summary proceedings, the Federal Supreme Court overturned an earlier order of the Higher Regional Court of Düsseldorf that – pending the outcome of an appeal by Facebook – had suspended the effect of a prohibition order issued by Germany’s Federal Cartel Office (FCO) in 2019…

Data Protection Report

Cell phones, robocalls, and text messages – two pronouncements

By David Kessler (US) & Susan Ross (US)

July 7, 2020

On July 6, 2020, the U.S. Supreme Court upheld most of the federal law that prohibits “robocalls” to cell phones but struck down the exception for collection of debts owed to the federal government. (Barr v. American Association of Political Consultants, No. 19–631 (July 6, 2020) (2020 WL 3633780).) Previously, on June 25, a Bureau of the Federal Communications Commission issued some guidance on what constitutes an “autodialer” (or “automatic telephone dialing system“—“ATDS”) relating to…

Data Protection Report

UPDATE: Registration deadlines for VERBİS extended

By Ekin Inal (TR) & Ecem Naz Boyacıoğlu (TR)

June 26, 2020

Norton Rose Fulbright - Data Protection Report blog

The deadline for data controllers to register with the Data Protection Authority’s publicly accessible data controller registry, known as VERBİS, has been extended. In its June 23, 2020 decision, the Authority extends the VERBİS registration deadline until September 30, 2020 for the following data controllers: Turkish data controllers employing more than 50 people annually or whose annual total financial statement exceeds TL 25 million (approx. USD 3.7 million), and Data controllers not located in Turkey.…

Data Protection Report

Data protection legal insight at the speed of technology

Schrems II: recent developments – waiting is harder

Algorithmic Decision-making and the UK ICO’s Guidance on AI

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

An “enhanced” Privacy Shield is being negotiated – third time a charm?

Schrems II landmark ruling: our recommendations

Schrems II: The US Perspective and where do we go from here?

Schrems II landmark ruling: Privacy Shield is invalid, Standard Contractual Clauses are valid but court puts obligations on parties and authorities

Germany’s Federal Supreme Court Provisionally Confirms Facebook Alleged Abused Dominant Market Position

Cell phones, robocalls, and text messages – two pronouncements

UPDATE: Registration deadlines for VERBİS extended

Stay Connected

Company

Products

Support

New to the Network