Schrems 2: The French Conseil d’Etat Dismisses a Request for Suspension of Data Transfers to the US

Schrems 2: The French Conseil d’Etat Dismisses a Request for Suspension of Data Transfers to the US

By order of 12 March 2021, the Conseil d’Etat (the French supreme administrative court) dismissed the request of various associations, including the Syndicat de la Médecine Générale (SMG) and the Ligue des Droits de l’Homme (Human Rights League), asking the interim relief judge of the Conseil d’Etat to order the suspension of the partnership between the Ministry of Health and the company Doctolib as part of the plan to accelerate vaccination against COVID-19, insofar as its online appointment booking system involved the hosting of health data with an American company (AWS).

The EDPB Releases Draft Practical Guidelines on Personal Data Breach Notification

The EDPB Releases Draft Practical Guidelines on Personal Data Breach Notification

The European Data Protection Board (“EDPB”) has recently released new draft guidelines on personal data breach notification.  

These new guidelines complement the previous and more general guidelines on the same subject that were issued by the EDPB, then the article 29 Working Party, in October 2017 (see here for more details)

Although quite comprehensive, the previous guidelines lacked practical details in certain regards as they were drafted at a time where the authorities and organisations did not have much experience of personal data breach notification. More than two years later, the EDPB has decided to provide guidelines made up of practical examples taken from their experiences.