On June 4, 2021, the European Commission released two new set of contractual clauses : A set of clauses for transfer from Controller to Processor within the Union as required under article 28 GDPR (C to P clauses) (here) An
Following the publication of its response to a data subject in a German newspapers the “Standard“, the Bavarian Data Protection Authority (DPA) took this opportunity to respond to recurring criticism and draw the attention of people on its actual enforcement
By order of 12 March 2021, the Conseil d’Etat (the French supreme administrative court) dismissed the request of various associations, including the Syndicat de la Médecine Générale (SMG) and the Ligue des Droits de l’Homme (Human Rights League), asking the interim relief judge of the Conseil d’Etat to order the suspension of the partnership between the Ministry of Health and the company Doctolib as part of the plan to accelerate vaccination against COVID-19, insofar as its online appointment booking system involved the hosting of health data with an American company (AWS).
During its 40th and 41st plenary sessions that took place in November, the European data protection board (EDBP) adopted the following recommendations: – Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal
During this 37th plenary session, the Board adopted Guidelines on the concepts of controller and processor and Guidelines on the targeting of social media users. The EDPB also created a taskforce focusing complaints following the CJEU Schrems II judgement and