Keep up with the latest GDPR + EU Privacy trends and observations by reading our Privacy + Data Security team’s regular client alerts, including:

2024’s Blockbuster: The EU’s Data Act (06 Dec 2023)

Key Takeaways From ICO Report On Workforce Monitoring (26 Oct 2023)

The ICO’s Move Towards a More Harmonized Approach for Binding Corporate Rules: The UK BCR Addendum (25 Oct 2023)

Building Bridges – Q&A About the UK’s Extension to the EU-U.S. Data Privacy Framework (05 Oct 2023)

A MoFo Privacy Minute Q&A: UK BCRs; Is the ICO Making Good on Its Promise? (17 Aug 2023)

A MoFo Privacy Minute Q&A: How to Avoid Nasty Surprises When Responding to Access Requests in the UK (15 Aug 2023)

Good Things Come in Threes: European Commission’s Third Attempt to Facilitate EU-U.S. Data Transfers (14 Jul 2023)

Catching up on cookies: regulatory guidance outside the EU (05 Jun 2023)

A(nother) Roadblock for EU-U.S. Data Transfers – How to Proceed After the Irish DPC’s Decision (01 Jun 2023)

EU: Advocate General Opines in “Deutsche Wohnen” Case and Rejects “Strict Liability” for GDPR Violations (02 May 2023)

Why Monitoring Cultural Diversity in Your European Workforce Is Not at Odds with the GDPR (15 Feb 2023)

European Digital Compliance: Key Digital Regulation & Compliance Developments (10 Jan 2023)

A MoFo Privacy Minute Q&A: EU-U.S. Data Privacy Framework (04 Jan 2023)

Privacy + Data Security Predictions for 2023 (07 Dec 2022)

A Step but Not Quite a Leap – the ICO’s New Approach to Restricted Transfers (01 Dec 2022)

Navigating Binding Corporate Rules: Updated Requirements in the EU and UK (01 Dec 2022)

Gathering CLOUD Requests Forecast for Technology and Communications Service Providers (02 Nov 2022)

ICO Fines Organisation £4.4 Million Following Phishing Email Attack (31 Oct 2022)

European Digital Compliance: Key Digital Regulation & Compliance Developments (12 Oct 2022)

U.S.-EU Create New Framework to Address CJEU Concerns About U.S. Surveillance (11 Oct 2022)

AI Regulation in Europe (07 Oct 2022)

The EU Digital Services Act – Europe’s New Regime for Content Moderation (04 Oct 2022)

Liechtensteinian Implementation of the GDPR (04 Oct 2022)

What happened to the Risk Based Approach to Data Transfers? (27 Sept 2022)

Déjà Vu, But with Canadian Flair: Ready For Quebec’s Take On the GDPR? (06 Sep 2022)

ICO Changes Course On UK BCRs to Make Them More Nimble, Simple and Principles-Based (12 Jul 2022)

European Digital Compliance: Key Digital Regulation & Compliance Developments (01 Jul 2022)

The Shape of Things Come: Asia and the Pacific Now Embrace EU Privacy Rules (17 May 2022)

The Cookie Crumbles: Diverging Approaches to Cookie Consent Requirements (05 May 2022)

Colombia Is Getting Ready to Become the Next Country to Facilitate BCRs (13 Apr 2022)

European Digital Compliance: Key Digital Regulation & Compliance Developments (11 Apr 2022)

A MoFo Privacy Minute Q&A: Belgian Regulator Further Shapes the Contours on When to Appoint a DPO and Who Can Hold the Position (11 Mar 2022)
The EU Data Act – Stimulant or Roadblock for the Data Economy? (23 Feb 2022)

Dodging the One-Stop Shop (04 Feb 2022)

Providers of IoT Devices Have 2.5 Years to Implement Stricter Security and Privacy Requirements to Keep Access to the EU Market (26 Jan 2022)

Closing the Door but Opening a Window – What Happens Next After Lloyd V Google? (18 Nov 2021)

European Digital Compliance: Key Digital Regulation & Compliance Developments (05 October 2021)

A MoFo Privacy Minute Q&A: 9 September 2021

A New Hurdle for Data Protection Litigation in the UK? (11 August 2021)

A MoFo Privacy Minute Q&A: 5 August 2021

Wait There’s More: EU Article 28 SCCs Have Now Also Been Finalized (21 June 2021)

The Beginning of a New Era for International Transfers: The Final SCCs Are Published and This Is What You Need to Know (07 June 2021)

A MoFo Privacy Minute: 1 June 2021

A MoFo Privacy Minute: 4 May 2021

Privacy and the EU’s Regulation on AI: What’s New and What’s Not? (22 April 2021)

Focus: EDPB Adopts Guidelines on Connected Vehicles (20 April 2021)

Why the EDPB Should Not Torpedo BCR for Processors (08 April 2021)

Will the EU Become an Information Island? (22 July 2020)

The Ruling on SCCs and Privacy Shield May Not Be As Straightforward As It Seems (16 July 2020)

In Defense of the One-Stop Shop: CNIL Stands Corrected (08 July 2020)

The Cookie Wall Must Come Down. Or Not? (29 June 2020)

The (Im)Possibilities of Scientific Research Under the GDPR (17 June 2020)

One Hat Too Many for the European Data Protection Officer (27 May 2020)

EU Data Protection Laws Are Not Fit For Purpose: They Undermine the Very Autonomy of the Individuals They Set Out to Protect (21 May 2020)

The Draft EU Rules on Electronic Evidence Disclosures – Law Enforcement’s New Tool to Access Electronically Stored Data (18 May 2020)

11 Drafting Flaws for the European Commission to Address in its Upcoming GDPR Review (25 February 2020)

Attention EU-U.S. Privacy Shield Participants: Here Is What You Need to Do During the Brexit Implementation Period (06 February 2020)

Calls for EU-wide Data Regulator Grow Louder (05 February 2020)

Not with a Bang but with a Whimper: As the UK Bows out of the EU, What’s Next for UK Data Protection? (04 February 2020)

Why Blockchain is not inherently at odds with GDPR (07 January 2020)

GDR Insight Handbook 2020 - United States: Privacy (13 December 2019)

Forget Me...or Not (01 October 2019)

European Commission Q&A on the Interplay Between the Clinical Trials Regulation And GDPR (01 October 2019)

European Commission Q&A on the interplay between the Clinical Trials Regulation and GDPR (16 July 2019)

Insight: A Slap on the Wrist or Show of Force—GDPR Fines Reveal Need for EU Penalty Guidelines (01 May 2019)

The Cookie Wall Must Go Up. Or Not? (27 February 2019)

The Trials That Lie Ahead: EDPB Opines on Interplay Between EU Clinical Trials Regulation and GDPR (26 February 2019)

What happened to the one-stop shop? (21 February 2019)

Data Protection Implications on a No Deal Brexit (28 January 2019)

C’est It Ain’t So: French DPA Issues Google Largest GDPR Fine to Date (22 January 2019)

Automated Decisions Based on Profiling Under GDPR – Information, Explanation, or Justification? That is the Question! (27 April 2018)

GDPR: Time to make that change (22 March 2018)

GDPR Conundrums: The GDPR Applicability Regime — Part 2: Controllers (13 February 2018)

GDPR Conundrums: The GDPR Applicability Regime — Part 1: Controllers (29 January 2018)

Breach Notification Is Coming to the EU (2 November 2017)

Multi-Billion Euro Fines for Data Protection Violations Under the New GDPR—Really? (9 October 2017)

Austria’s GDPR Implementation Law (19 September 2017)

The GDPR Translated into UK Law: The UK Government Announces its Plans for the New Data Protection Bill (14 August 2017)

A Look at New Trends in 2017: Privacy Laws in Europe and Eurasia (non-EEA) (Bloomberg Law; 17 July 2017)

Guidance on Processing Personal Information of Employees (11 July 2017)

CNIL Offers Guidance on Data Protection Officers (29 June 2017)

The Future of Data Privacy in the UK Post-Brexit (22 June 2017)

Germany Enacts GDPR Implementation Bill (23 May 2017)

Biometric Information as Personal Information—A Brave New World of Regulatory Compliance (4 April 2017)

First Wave of Ripple Effects of the General Data Protection Regulation (Westlaw Journal Computer and Internet; 10 February 2017)

Cross-Border Information Sharing for Effective Services (January 2017)

European Court of Justice: IP Addresses are Personal Information (25 October 2016)

Opinion of Prof. Lokke Moerel of Morrison & Foerster on the impact of the ECJ Safe Harbor Decision on the alternative transfer mechanisms: “Schrems decision has no impact on the lawfulness and viability of the alternative mechanisms for data transfers” (13 September 2016)

GDPR Conundrums: Processing Special Categories of Data (IAPP Privacy Tracker; 12 September 2016)

GDPR Conundrums: The data protection officer requirement: one for all...maybe? (IAPP Privacy Tracker; 19 July 2016)

M&A and the New European Data Protection Rules: Additional Risks for Transactions and How to Avoid Them (Wall Street Lawyer, July 2016)

GDPR conundrums: Data transfer (IAPP Privacy Tracker; 9 June 2016)

130 days, 1,500 notifications: Does Dutch breach rule foreshadow GDPR? (17 May 2016)

EU Parliament Approves General Data Protection Regulation (15 April 2016)

The EU General Data Protection Regulation: A Primer for International Business (23 March 2016)

EU Parliament and Council’s Agreement on the GDPR and What It Means for Businesses (18 December 2015)

News

Resourcing Issues Pushes Belgian DPA to Settlements (17 Nov 2022)

Despite Executive Order, EU-U.S. Data Transfer Framework Still Has Long Road Ahead (11 Oct 2022)

U.S. Privacy Changes Put EU Data Flow Pact on Strong Footing (07 Oct 2022)

Blockchain’s Forever Memory Confounds EU ‘Right to Be Forgotten’ (04 Aug 2022)

ICO unveils more flexible UK BCR requirements (27 Jul 2022)

Canada’s New AI Regulation Echoes EU Approach, Signaling Broader EU Influence (07 Jul 2022)

EDPB fining guidelines may face similar struggles to German scheme (27 May 2022)

Companies Must Contribute to a Digitally Sustainable Society by Ensuring Fair Use of Data Rather Than Focusing on Tick-the-Box Consent (05 May 2022)

Digital Bridge: Russian Splinternet Fail – Interoperability – US Digital (Foreign) Policy (14 Apr 2022)

How GDPR Has Inspired a Global Arms Race on Privacy Regulation (07 Apr 2022)