Archives

GDPR Compliance

Lessons from the first GDPR Enforcement Notice

Since the European Union’s General Data Protection Regulation (“GDPR”) went into effect in May of this year, and for months prior to “GDPR Day”, the number one question has been how will the various data protection authorities enforce the GDPR? Will the EU use this new regulation as a hammer? Will there really be fines […]

Restricted Transfer or No Restricted Transfer – That is the Question Here

By Carolin Brucker Cabe, an Associate at XPAN Law Group, LLC. ICO’s latest publication gives rise to speculations regarding international transfers under the GDPR and how they might be handled in the future. This comes at a time when the countdown to Brexit draws closer to completion, but is still “up in the air”. The […]

Privacy is a Blue Chip Investment for Businesses

I recently read an article in the wake of the precipitous drop in Facebook stock, titled: “Facebook ‘puts privacy first’ and stocks plunge 20%”. The title alone was enraging. To suggest that prioritizing privacy can cause Facebook to suffer a devaluation is preposterous and a serious disservice to companies everywhere. But, before the air gets […]

So, it begins: California adopts legislation that reminds many of the GDPR

A common question that we receive at our firm is: will the U.S. adopt legislation similar to the GDPR? And, if yes, what will that look at? Well, let us look into our “magic-8” ball . . . . And, no surprise, it looks like privacy is moving (slowly) across the pond to the US […]

Cross-Border Data Management and Cybersecurity: Walking the Tightrope of Compliance and Business Efficiency

This article originally appeared on KuppingerCole Analyst’s Blog on June 26, 2018 and is available in its original here. * * * * * Technology is changing rapidly, correlating in an increasing amount of data collected every second.  These technologies cross-borders and allow businesses to operate on a global scale, at a rate never before […]

Are You a Joint Controller with Facebook? The CJEU’s Judgment in Case C-210/16

How many companies maintain business-oriented pages on Facebook?  Millions. In today’s social media driven economy — where individuals digest news, shopping, and friend’s updates all on the same platform — companies are increasingly trying to harness those platforms to drive customers to them.  Even our firm has a Facebook page, a LinkedIn page, and a […]

In case you missed it, the CLOUD Act is now law

In the midst of the Microsoft case, Senators Orrin Hatch (R-Utah), Christopher Coons (D-Del.), Lindsey Graham (R-S.C.) and Sheldon Whitehouse (D-R.I.), introduced the Clarifying Lawful Overseas Use of Data Act, or “CLOUD Act” in February, to create a framework for law enforcement to access data that is stored overseas.   At the time the CLOUD Act was first introduced, we addressed some of the potential impacts the Cloud Act would have in light of the pending Microsoft case, and the jurisdiction of data generally.  

But, I never gave you my data? The GDPR’s impact on data subject rights

Let us set the scene.  You receive an email: sign-up for LinkedIn! Facebook! Instagram! [Fill in your Service of Choice here.]  And, once you click to create an account, the information is mostly pre-populated: your name, your email address, your current job, your “friends”, your location/region — a number of pieces of information that may have you shaking your head asking:  how did they compile all of this information without my input and without me even knowing it?

The GDPR and Higher Education #4: International Data Transfers

We are concluding our series on the Impact of the European Union’s General Data Protection Regulation (“GDPR”) on Higher Education Institutions located in the United States.  The first post frames the application of the GDPR to higher-education institutions; the second post focuses on the two key roles under the GDPR:  data controllers and data processors; and the third post focuses on data processing and key rights under the GDPR.  This final post in the series discusses the data transfer provisions under the GDPR:  key to US-based institutions that intend to transfer data related to EU data subjects to the United States.

The GDPR and Higher Education #3: Lawful Data Processing and Data Rights

As we discussed in our first and second blog posts, higher education institutions — including those in the United States — are impacted by the forthcoming European Union’s General Data Protection Regulation (“GDPR”).  We continue our conversation in this post, focusing on the actual processing of data and the rights of data subjects.