European Commission

In a previous blog post, we discussed the European Commission’s criticism of the Dutch data protection authority’s interpretation of legitimate interests as a lawful basis for processing personal data. In that post we noted that the issue would potentially be resolved by the Netherlands’ highest administrative court, the Council of State when it ruled

One of the main issues facing the enforcement of competition laws, and corresponding compliance efforts, in digital markets is the inherent global nature of the conduct of digital markets players. As the OECD noted in this respect, “Governments may need to enhance co-operation across national competent agencies to address competition issues that are increasingly transnational in scope or involve global firms.” Against this backdrop, the US, EU and UK competition agencies have recently issued joint statements to re-affirm their commitment to cooperate in this area. This blog post provides a short commentary and shows that… there is more in those statements than meets the eye.
Continue Reading Transatlantic Cooperation and Enforcement in Digital Markets

Padlock and EU flagWe are one (penultimate) step closer to the final adoption of new Standard Contractual Clauses (“SCCs”) by the European Commission.

The final version of a long overdue update to the 2004 (in case of controller-to-controller)/2010 (in case of controller-to-processor) model clauses which companies use to safeguard personal data transfers to controllers/processors outside the EEA under Article 46.2(c) of the GDPR, has cleared one of its final hurdles.

Today, the Article 93 Committee, consisting of the representatives of EU governments, unanimously approved new draft SCCs proposed by the Commission. The Committee is named after Article 93 of the GDPR, referencing the examination procedure, which the draft SCCs of the European Commission (including the one on the new SCCs) had to go through on its way to final adoption.
Continue Reading New Standard Contractual Clauses for Transfer of Personal Data outside the EEA – Getting Warmer by the Day

EU FlagIt has been almost two years since the GDPR came into force and now the European Commission (“EC”) is set to undertake a review and eventually report on issues regarding the application of the GDPR. Specifically, the EC will report on the international transfer provisions and cooperation and consistency mechanisms between supervisory authorities.

The EC is currently in the “roadmap” phase of the process. A roadmap aims to inform citizens and stakeholders about the EC’s work. One element of the roadmap is to gather feedback from citizens and stakeholders, and the opportunity to provide such feedback opened on 2 April 2020. The closing date for feedback is 29 April 2020. There is a 4000 character limit on the feedback function, but word documents can be uploaded where they contain research or other findings that support the feedback being provided. This feedback will be used to further develop and finesse the review. There are specific rules for providing feedback, which are linked here.
Continue Reading The European Commission is set to review the GDPR