After Germany became the last EU member state to transpose Article 5(3) of the Directive 2002/58/EC, amended by Directive 2009/136/EC (ePrivacy Directive) into national law, the use of cookies in the EU must meet one of the following requirements: The user’s consent, or The cookie must be strictly necessary in order to provide the service explicitly requested by the user (Strictly Necessary Cookies). The category of Strictly Necessary Cookies was previously interpreted rather narrowly. There…

During its 51st plenary session on 7th July 2021, the European Data Protection Board (EDPB) adopted guidelines on codes of conduct as tools for transfers (CoC Guidelines). The CoC Guidelines are available here. The CoC Guidelines support and complement the previous EDPB Guidelines on CoCs published in 2019 (2019 Guidelines) that established the general framework for the adoption of CoCs. We have previously written about the 2019 Guidelines here. Purpose of the CoC Guidelines The…

As a result of the COVID-19 pandemic, many more organisations have moved their business operations online.  From a cybersecurity and privacy perspective, this brings hackers and criminals greater opportunities to try to infiltrate the increased amount of devices and even deploy ransomware attacks. This is where malware is installed to block access to the user’s data by locking the computer or encrypting the data until the demanded ransom is paid. In some cases, the attackers…

The European Commission’s (EC) International Standard Contractual Clauses (SCCs), which we previously discussed here, contain extensive third party beneficiary rights. The EC’s decision made clear that with these new international transfer SCCs, the parties can decide for themselves which EU Member State law will govern their SCCs, provided that the Member State’s laws allowed for third-party beneficiary rights. Where a Member State’s laws did not allow for third-party beneficiary rights, then the SCCs would have…

The German Constitutional Court issued a landmark decision with implications for many companies doing business in Europe on July 9, 2021. For decades, the European Commission and EU member states strived to create a pan-European Unified Patent Court (UPC). After overcoming many hurdles, any sensible commentator will be cautious in making statements about the future of the UPC. That said, for the first time in years it now appears that the pan-European patent litigation system…

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends, from product and technology development to operational and compliance issues that practitioners encounter every day. What’s new in data protection in the EU It has been a busy few weeks in the EU for all things data protection, particularly data transfers. Cynthia O’Donoghue and Andy Splittgerber walk us through the new Standard Contractual Clauses (SCCs) for international…

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Joint Opinion). The Joint Opinion follows the European Commission’s (Commission) Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (AI) which was presented on the 21st April…