fbpx

Download free GDPR compliance checklist!

Tag Archives for " CJEU "

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

Facebook sues EU antitrust regulator for excessive data requests

Facebook is suing EU antitrust regulators for seeking information beyond what is necessary, including highly personal details, for their investigations into the company’s data and marketplace.

In addition to the two lawsuits against the Commission, Facebook is also seeking interim measures at the Luxembourg-based General Court, Europe’s second-highest, to halt such data requests until judges rule, according to a court filing.

Source: Facebook sues EU antitrust regulator for excessive data requests – Reuters

What Privacy Shield organizations should do in the wake of ‘Schrems II’

The Court of Justice of the European Union issued its decision in “Schrems II” Thursday, a landmark decision that invalidates the EU-U.S. Privacy Shield arrangement.

Fortunately, the CJEU did not invalidate the European Commission’s standard contractual clauses for transfers to data processors. However, the rationale behind the court’s ruling on Privacy Shield (which focused on concerns about U.S. law and practice on government surveillance) would suggest that companies will need to evaluate their use of SCCs.

So, what now?

Full article: What Privacy Shield organizations should do in the wake of ‘Schrems II’

Legal clouds gather over US cloud services, after CJEU ruling

In the wake of landmark ruling by Europe’s top court Europe’s lead data protection regulator has fired its own warning shot at the region’s data protection authorities (DPAs), essentially telling them to get on and do the job of intervening to stop people’s data flowing to third countries where it’s at risk.

In its ruling CJEU stroked down a flagship transatlantic data transfer framework called Privacy Shield, and cranking up the legal uncertainty around processing EU citizens’ data in the U.S. in the process. Now, any sense of legal certainty U.S. cloud services were deriving from the existence of the EU-U.S. Privacy Shield — with its flawed claim of data protection adequacy — has vanished.

Source: Legal clouds gather over US cloud services, after CJEU ruling | TechCrunch

1 CJEU Invalidates EU-U.S. Privacy Shield but SCC Remain Valid

On July 16, 2020, the Court of Justice of the European Union (the “CJEU”) issued its landmark judgment in the Schrems II case (case C-311/18).

In its judgment, the CJEU concluded that the Standard Contractual Clauses (the “SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.

Source: Schrems II: CJEU Invalidates EU-U.S. Privacy Shield but SCC Remain Valid

What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for you

On the 16th of July, one of the most anticipated cases in data protection, case C-311/18 — Facebook Ireland versus Schrems — will be delivered by the EU Court of Justice.

The verdict in the groundbreaking “Schrems 2.0” case will dictate whether the widely used Standard Contractual Clauses (SCCs) and the EU/USA Privacy Shield will remain a valid means of transferring personal data to countries outside the EEA under the EU’s GDPR.

Full article: What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for your organisation and how to prepare for the 16th of July

YouTube not obliged to inform on film pirates, Europe’s top court says

Google’s YouTube is not required to hand over the email or IP address of users who upload films illegally to its video platform, Europe’s top court ruled on Thursday, saying there must be a balance between protecting personal data and copyright.

The case came before the Luxembourg-based Court of Justice of the European Union (CJEU) after a German court sought guidance on what video platforms must do to combat film piracy in a case concerning German film distributor Constantin Film Verleih.

The company, which had distribution rights to the films Scary Movie 5 and Parker in Germany, had asked YouTube and Google to provide the email addresses, telephone numbers and IP addresses of users who had uploaded those films illegally onto YouTube in 2013 and 2014.

Source: YouTube not obliged to inform on film pirates, Europe’s top court says – Reuters

Commission conducting ‘preparatory work’ should ECJ invalidate privacy shield

The European Commission is preparing for the eventuality that the European Court of Justice (ECJ) may invalidate the EU-US data transfer agreement, known as the Privacy Shield, Justice Commissioner Didier Reynders has said.

“We don’t have one plan, but we have some ideas about the different ways to give an answer, following the scope of the decision of the court,” he added, keeping his cards close to his chest, however, on the specifics of how the Commission would react to a legal invalidation of the Privacy Shield.

Source: Commission conducting ‘preparatory work’ should ECJ invalidate privacy shield  – EURACTIV.com

CJEU to decide on right of consumer protection associations and competitors to sue under GDPR

The Federal Court of Justice (BGH) has submitted to the Court of Justice of the European Union (CJEU) the question whether consumer protection associations or competitors are authorised to initiate a civil action in case of infringements of the General Data Protection Regulation (GDPR).

In this preliminary ruling procedure, the CJEU will have to decide whether, among other provisions, Art. 80 GDPR is in conflict with member state law which allows consumer protection associations and competitors to take action against infringements of the GDPR irrespective of the violation of subjective rights of individuals and without a mandate from the data subject.

Source: GERMANY: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

CJEU Considers the Use of CCTV and Legitimate Interests

With the use of CCTV on the rise, it has become increasingly important for controllers to find a framework in which the conflicting rights of those who are subject to such surveillance are balanced.

In its recent decision of TK v Asociaţia de Proprietari bloc M5A-ScaraAmonit, the CJEU considered whether the processing carried out by CCTV cameras was necessary and proportionate for the purposes of legitimate interests pursued by the controller. The CJEU re-emphasised that the legitimate interests condition requires processing to apply only so far as “strictly necessary”.

Source: CJEU Considers the Use of CCTV and Legitimate Interests

1 2 3 9
>