On 23 July 2020, the European Data Protection Board (EDPB) released a FAQ on the consequences of the CJEU’s judgement of 16 Juley 2020 (Schrems 2)
This judgment invalidates the Privacy Shield, an EU-US data transfer mechanisms, and conditions the validity of the Standards contractual clauses (SCCs), another transfer mechanisms, to the prior analysis of the level of protection provided by the third country recipient and the implementation of additional measures where necessary.
This FAQ provides a glimpse of the position of the Authorities following the CJEU Decision that calls into question the possibility to transfer any personal data to the US. However, the EDPB remains relatively unspecific as it is currently working on more detailed guidance that should be released shortly.
The CNIL has upgraded its PIA tool aimed at carrying out data protection impact assessments (DPIA) or sometimes also called privacy impact assessment (PIA). A DPIA is a risk analysis that controllers must conduct before starting processing personal data in
In a decision of 19 June 2020, the Conseil d’État (i.e. the French Supreme Administrative Court) ruled, as part of a judicial review, that the CNIL could not legally prohibit the use of “cookie walls” in its recommendation on cookies
On 9 June 2020, the CNIL published its 2019 activity report. This 100-page report provides a retrospective of the CNIL activities during 2019 by: recalling key dates and events such as the 50 million euro sanction against Google LLC or
On May 5, 2020, the European Data Protection Board (EDPB) published a slightly updated version of the WP 29 (i.e. former EDPB) guidelines on the GDPR consent of April 10, 2018. The EDPB has provided further clarifications regarding: – The