The WSGR Data Advisor

Unique Insights on Privacy and Data Protection Worldwide

On May 8, 2019, the Brussels Court of Appeal referred the Belgian Data Protection Authority’s (DPA) case against Facebook to the European Court of Justice (CJEU) to address jurisdictional issues regarding which DPA is competent to bring enforcement actions against Facebook. The case deals with Facebook’s collection of individuals’ data through cookies stored in Facebook’s social plugins. The Belgian DPA alleges that Facebook’s data collection is unlawful as it lacks valid consent and does not…
On May 1, 2019, WSGR convened a panel of regulators and experts to discuss recent developments in European data protection law. The panel, moderated by Cédric Burton, featured Bruno Gencarelli, head of the International Data Flows and Protection Unit of the European Commission, Isabelle Vereecken, head of the Secretariat of the European Data Protection Board (EDPB), and Dr. Christopher Kuner, senior privacy counsel at WSGR.…
On May 1, 2019, WSGR held a panel discussing state and federal legislative privacy developments, including the California Consumer Privacy Act (CCPA). The panel, moderated by Chris Olsen, featured Ashkan Soltani, former chief technologist at the Federal Trade Commission (FTC), and Shaundra Watson, the senior director for policy at BSA (The Software Alliance). Here are the key takeaways from the discussion:…
On May 1, 2019, WSGR held an event in which regulators and experts discussed privacy developments in the U.S. and Europe. The first session featured a fireside chat with the Federal Trade Commission’s (FTC’s) Bureau of Consumer Protection Director, Andrew Smith, on “The State of Play at the FTC on Privacy.” In case you missed it, here are the key takeaways from the discussion: More specificity in data security orders. Director Smith noted that we…
On April 25, 2019, the new chairman and the four directors of the new Belgian data protection authority were sworn in before the Belgian Parliament. This marks a new era for data protection law in Belgium. Background Following the effective date of the General Data Protection Regulation (GDPR) on May 25, 2018, the Belgian Privacy Commission was restructured into a Supervisory Authority under the GDPR, thus becoming the Belgian Data Protection Authority. It was given…
On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda. The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR compliance and make full use of its enforcement powers, including the power to fine. Background As of May 25, 2018, the…
On March 21, 2019, the Advocate General (AG) of the highest EU Court (the Court of Justice of the European Union (CJEU)) issued an opinion (opinion) in the Planet49 case[1] on what constitutes valid consent for cookies under the Data Protection Directive, the GDPR, and the e-Privacy Directive. In particular, the AG opines that: 1) a pre-ticked checkbox that users must untick to refuse consent does not constitute valid consent; 2) consent…
On March 20, 2019, WSGR partner Cédric Burton and Of Counsel Lore Leitner hosted a webcast, “Brexit and Its Implications for Data Protection.” In this webcast, Burton and Leitner break down the potential far-reaching effects of the United Kingdom’s pending exit from the European Union on businesses operating in the UK and EU. In this hour-long panel, the firm experts break down the steps that companies should consider taking to prepare for Brexit and potential…
On January 23, 2019, the European Data Protection Board (EDPB) issued an opinion (Opinion) on the interplay between the Clinical Trial Regulation (CTR) and the General Data Protection Regulation (GDPR), an issue which has been the subject of intense debate and that resulted in a draft, and still non-public, FAQ prepared by the EU Commission. The Opinion comments on the draft FAQ and provides some insight on data protection regulators’ view on how…
On September 23, 2018, Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the California Consumer Privacy Act (CCPA or the Act). The controversial privacy law, which is set to take effect in 2020, recently sparked a war of words among industry, privacy advocates, and the California Attorney General, each of whom sent letters to the California legislature urging amendments to the legislation. The California Chamber of Commerce, along with…