On 10 July 2023, the European Commission adopted a new adequacy decision concerning personal date transfers to the United States. This decision brings to an end a judicial epic that began in 2016 with the first Schrems ruling and which
The European Data Protection Supervisor (“EDPS”) and the Austrian Data Protection Authority have both recently issued a decision ruling that the transfers of personal data to Google LLC (US) entailed by the use of Google Analytics tool on the European Parliament and by a company located in Austria (the “website operator”) websites, were not GDPR compliant.
On June 4, 2021, the European Commission released two new set of contractual clauses : A set of clauses for personal data transfers from Controller to Processor within the Union as required under article 28 GDPR (C to P clauses)
Following the publication of its response to a data subject in a German newspapers the “Standard“, the Bavarian Data Protection Authority (DPA) took this opportunity to respond to recurring criticism and draw the attention of people on its actual enforcement
By order of 12 March 2021, the Conseil d’Etat (the French supreme administrative court) dismissed the request of various associations, including the Syndicat de la Médecine Générale (SMG) and the Ligue des Droits de l’Homme (Human Rights League), asking the interim relief judge of the Conseil d’Etat to order the suspension of the partnership between the Ministry of Health and the company Doctolib as part of the plan to accelerate vaccination against COVID-19, insofar as its online appointment booking system involved the hosting of health data with an American company (AWS).