During this 37th plenary session, the Board adopted Guidelines on the concepts of controller and processor and Guidelines on the targeting of social media users. The EDPB also created a taskforce focusing complaints following the CJEU Schrems II judgement and
By decision of 28 July 2020, the CNIL imposed a fine of €250,000 and an obligation to comply with the GDPR within 3 months of the decision, on SPARTOO, an online shoe retailer operating in 13 European countries. This is
On 23 July 2020, the European Data Protection Board (EDPB) released a FAQ on the consequences of the CJEU’s judgement of 16 Juley 2020 (Schrems 2)
This judgment invalidates the Privacy Shield, an EU-US data transfer mechanisms, and conditions the validity of the Standards contractual clauses (SCCs), another transfer mechanisms, to the prior analysis of the level of protection provided by the third country recipient and the implementation of additional measures where necessary.
This FAQ provides a glimpse of the position of the Authorities following the CJEU Decision that calls into question the possibility to transfer any personal data to the US. However, the EDPB remains relatively unspecific as it is currently working on more detailed guidance that should be released shortly.
During its 34th plenary session that took place on 20 July 2020, the European Data Protection Board (EDPB) adopted the following documents: a statement on the CJEU’s ruling in Facebook Ireland v Schrems in which it states that it is
By a judgment of 16 July 2020 (Case C‑311/18 – Schrems 2), the Court of Justice of the European Union (CJEU) upholds the decision of the European Commission adequacy decision on the Standard Contractual Clauses (SCCs) but declares the Privacy