EU authorities have understandably declined to put forward a single list of mandatory data security controls that apply to all companies subject to the GDPR. As a result, each new…
On November 4, 2020, Vincent Pitaro of the Cybersecurity Law Report published: Comparing U.S. and E.U. Approaches to Incident Response and Breach Notification. The article summarises a panel discussion at…
October was a particularly busy month, with headline-grabbing stories such as the long-awaited finalisation of the fines against British Airways and Marriott, which may well be the last penalties the…
Hot on the heels of British Airways’ £20m fine (covered here), the UK Information Commissioner’s Office has fined Marriott £18.4m for alleged data security failings linked to the breach of…
In a long-awaited final decision, the UK Information Commissioner’s Office (the “ICO”) has issued a fine of £20m to British Airways (“BA”) following a data breach that took place in…
On October 1, 2020, the French data protection authority, the CNIL (“Commission Nationale de l’Informatique et des Libertés”) issued guidelines on the use of cookies and trackers (the “Guidelines”). These…
Throughout September, companies, regulators and policymakers have continued to respond to the fallout from Schrems II. Since our last update we have also seen the second largest fine to date…
August proved to be another busy month for data protection developments in Europe, fuelled in part by the aftermath of the Court of Justice of the European Union’s (“CJEU”) decision…
Competition v Privacy Competition and consumer authorities are increasingly considering the implications of digital platforms’ ownership and use of consumer data and whether concerns about harm to privacy are indicative…
July was a busy month for data protection in the EU and UK. While the long-awaited Schrems II decision captured the most headlines, data protection authorities (“DPAs”) and Member State…