fbpx

Download free GDPR compliance checklist!

Tag Archives for " CJEU "

Facebook, Belgian Data-Protection Watchdog Face Off at EU High Court

The European Union faced some tough questions as it defended Facebook at the EU high court Monday, in a case over which country’s data-protection agency can go after the social media giant.

The Court of Justice of the European Union heard arguments Monday on whether Belgium can go after social media giant Facebook for data privacy violations. The Belgian Data Protection Authority wants Facebook to stop tracking Belgians via cookies, but both the EU and Facebook argued the agency doesn’t have the right to do so.

Source: Facebook, Belgian Data-Protection Watchdog Face Off at EU High Court

CJEU ruling puts in danger EU-UK adequacy talks

This week, the CJEU issued a ruling that could spring a leak and potentially sink adequacy negotiations between the U.K. and EU.

CJEU ruled to restrict surveillance activities on phone and internet data by EU member states but specifically to regimes in Belgium, France and the U.K. The decision means governments have limited grounds for mass data retention unless they face a “serious threat to national security.” Additionally, access to phone and internet data, as well as the duration of that access, should be determined based on necessity.

The U.K. is chief among those affected by the court’s ruling as the clock winds down on its Brexit transition period, which is set to expire with or without an adequacy decision from the EU December 31. Doubts about an adequacy agreement already loomed, but the latest CJEU ruling further clouds a potential deal.

Source: CJEU throws wrinkle into EU-UK adequacy talks

Europe’s top court confirms no mass surveillance without limits

Europe’s top court has delivered another slap-down to indiscriminate government mass surveillance regimes.

In a ruling the CJEU has made it clear that national security concerns do not exclude EU Member States from the need to comply with general principles of EU law such as proportionality and respect for fundamental rights to privacy, data protection and freedom of expression.

However the court has also allowed for derogations, saying that a pressing national security threat can justify limited and temporary bulk data collection and retention — capped to ‘what is strictly necessary’.

Source: Europe’s top court confirms no mass surveillance without limits | TechCrunch

Belgian DPA asks EU court for permission to take regulatory action against Facebook

The Belgian Data Protection Authority (DPA) is appearing at the Court of Justice of the European Union (CJEU) in Luxemburg in a bid to gain regulatory action against Facebook.

The Belgian privacy watchdog is seeking agreement from the court that the local DPA has the regulatory authority under GDPR to rule on violations against Facebook users in Belgium.

Source: Belgian DPA asks EU court for permission to take regulatory action against Facebook

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

Facebook sues EU antitrust regulator for excessive data requests

Facebook is suing EU antitrust regulators for seeking information beyond what is necessary, including highly personal details, for their investigations into the company’s data and marketplace.

In addition to the two lawsuits against the Commission, Facebook is also seeking interim measures at the Luxembourg-based General Court, Europe’s second-highest, to halt such data requests until judges rule, according to a court filing.

Source: Facebook sues EU antitrust regulator for excessive data requests – Reuters

What Privacy Shield organizations should do in the wake of ‘Schrems II’

The Court of Justice of the European Union issued its decision in “Schrems II” Thursday, a landmark decision that invalidates the EU-U.S. Privacy Shield arrangement.

Fortunately, the CJEU did not invalidate the European Commission’s standard contractual clauses for transfers to data processors. However, the rationale behind the court’s ruling on Privacy Shield (which focused on concerns about U.S. law and practice on government surveillance) would suggest that companies will need to evaluate their use of SCCs.

So, what now?

Full article: What Privacy Shield organizations should do in the wake of ‘Schrems II’

Legal clouds gather over US cloud services, after CJEU ruling

In the wake of landmark ruling by Europe’s top court Europe’s lead data protection regulator has fired its own warning shot at the region’s data protection authorities (DPAs), essentially telling them to get on and do the job of intervening to stop people’s data flowing to third countries where it’s at risk.

In its ruling CJEU stroked down a flagship transatlantic data transfer framework called Privacy Shield, and cranking up the legal uncertainty around processing EU citizens’ data in the U.S. in the process. Now, any sense of legal certainty U.S. cloud services were deriving from the existence of the EU-U.S. Privacy Shield — with its flawed claim of data protection adequacy — has vanished.

Source: Legal clouds gather over US cloud services, after CJEU ruling | TechCrunch

1 CJEU Invalidates EU-U.S. Privacy Shield but SCC Remain Valid

On July 16, 2020, the Court of Justice of the European Union (the “CJEU”) issued its landmark judgment in the Schrems II case (case C-311/18).

In its judgment, the CJEU concluded that the Standard Contractual Clauses (the “SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.

Source: Schrems II: CJEU Invalidates EU-U.S. Privacy Shield but SCC Remain Valid

What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for you

On the 16th of July, one of the most anticipated cases in data protection, case C-311/18 — Facebook Ireland versus Schrems — will be delivered by the EU Court of Justice.

The verdict in the groundbreaking “Schrems 2.0” case will dictate whether the widely used Standard Contractual Clauses (SCCs) and the EU/USA Privacy Shield will remain a valid means of transferring personal data to countries outside the EEA under the EU’s GDPR.

Full article: What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for your organisation and how to prepare for the 16th of July

1 2 3 9
>