CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Category Archives: European Union

Subscribe to European Union RSS Feed

Still Good Enough? Amendment to EC Decision on “adequacy” of Canadian Privacy Law in the Works

Posted in European Union, Legislation, Privacy

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states. Readers of this blog will be aware that European privacy law has been in flux in the wake of the Schrems decision, which struck down… → Read More

Canada-EU Agreement to Share Air Travellers’ Data Doesn’t Fly

Posted in European Union, Privacy

An agreement between Canada and the European Union over the sharing of air passengers’ personal information failed to pass muster in the European Court of Justice because Canada was found to have inadequate privacy protections.  On September 8, 2016, the Court of Justice of the European Union (“CJEU“)  issued an  Opinion on the consistency of Canada… → Read More

German Regulator Finds Banks’ Data Rules “impede non-bank competitors”

Posted in Big Data, European Union, Financial, FinTech

“Open Banking” is an emerging term in financial services / financial technology that refers, among other things, to the use of open application programming interfaces (“APIs“) enable third party developers to build applications and services around a financial institution. This requires a financial institution to throw open the doors to its customer data and allow… → Read More

EU-US Privacy Shield Adopted: Now What?

Posted in European Union, Legislation, Privacy

On July 12, 2016, the European Commission formally issued its adequacy decision endorsing the EU-US Privacy Shield, following the approval of the deal by the Article 31 Committee on July 8.  Although the European adequacy decision has immediate effect, U.S. organizations will not be able to take advantage of the Privacy Shield until the U.S…. → Read More

EU’ve Got Mail: European Commission Seeks Input on Electronic Communications Rules

Posted in European Union, Legislation

Technological advances and the advent of the EU General Data Protection Regulation (“GDPR”) prompted the European Commission (“Commission”) to update the EU’s Privacy and Electronic Communications  Directive. The recommendations made to it last summer suggest  wide-ranging changes are likely, including to rules on the use of cookies, direct digital marketing and on the processing of… → Read More

EU-US Privacy Shield: Agreement in Principle on Framework To Replace Safe Harbour

Posted in European Union, Privacy

Regular readers of this blog will be aware that, last fall, the Court of Justice of the European Union struck down the Safe Harbour framework which permitted the lawful transfer of personal information from the EU to the US through a self-certification model.  Negotiations between the European and US authorities to update or replace the… → Read More

Big News for Big Data – European Data Protection Supervisor Releases Opinion on Big Data Challenges

Posted in Big Data, European Union, Privacy

On November 19, 2015, the European Data Protection Supervisor (“EDPS”) published an Opinion entitled Meeting the Challenges of Big Data: A Call for Transparency, User Control, Data Protection by Design and Accountability. Focusing on these issues, the report lays down the foundation for a new approach to how big data should be managed in order… → Read More

Life After Schrems: Think Locally, Act Globally?

Posted in European Union, Privacy

Two weeks after the historic decision of the Court of Justice of the European Union (CJEU) in the Schrems case, striking down the European Commission (EC) decision 2000/520/EC (known as the “Safe Harbour” decision), many people are still left scratching their heads, wondering what it all means.  Global businesses face particular difficulties, but so do… → Read More

Data Transfers from EU to US “unlawful”; EU Signals Enforcement Actions Possible After January, 2016

Posted in European Union, Privacy, Regulatory Compliance

On Friday, October 16, 2015, the Article 29 Working Party (“WP29”) released a statement on the decision of the Court of Justice of the European Union (“CJEU”) in the case Schrems v Data Protection Commissioner (C-362-14), the landmark decision which invalidated the decision of the European Commission underpinning the Safe Harbour framework by which personal… → Read More

Europe’s Top Court Invalidates ‘Safe Harbour’ Data Transfer Framework

Posted in European Union, Legislation, Privacy

On October 6, 2015, the Court of Justice of the European Union (“CJEU”) declared that the US-EU Safe Harbour framework is invalid, striking it down in the highly anticipated case of Schrems v. Data Protection Commissioner. The decision is effective immediately, with far-reaching and widespread implications for entities with multinational data flows. Since EU data… → Read More