February 1, 2021
For the third consecutive year, following the publication of Gibson Dunn’s ninth annual U.S. Cybersecurity and Data Privacy Outlook and Review on Data Privacy Day, we offer this separate International Outlook and Review.
Like many recent years, 2020 saw significant developments in the evolution of the data protection and cybersecurity landscape in the European Union (“
EU”):
CJEU” or “
Court”) struck down as legally invalid the EU-U.S. Privacy Shield, on which some companies relied to transfer personal data from the EU to the U.S. While companies are turning to other frameworks to transfer personal data, such as Standard Contract Clauses (“
To print this article, all you need is to be registered or login on Mondaq.com.
2020 was a year we will never forget. In the world of data
protection, 2020 was perhaps the most turbulent year since the
entry into force of the EU General Data Protection Regulation
(
GDPR) in 2018. Ahead of the Council of
Europe s annual Data Protection Day on 28 January 2021, we
unpack the key data protection stories of 2020 and look ahead to
what 2021 has in store.
2020 Round-Up
March 2020: COVID-19 Raises Data Protection & Cybersecurity
Issues
COVID-19 has required businesses to adapt to remote working
environments and introduce new procedures to ensure customers and
To print this article, all you need is to be registered or login on Mondaq.com.
On 15 December, the UK Government set out its proposals to
regulate social media in the UK. With the aim of making the UK the safest place in the world to be online , a new legal
duty of care will be established as and when the Online Harms Bill
eventually comes before Parliament. It aim is to force businesses
with a significant online component to take more responsibility for
the safety of their users and tackle a number of harms
which could be caused by content or activity on their services, all
The judgement was determined in December 2020 before it was sent to fellow European data regulators to assess and agree upon.
The penalty could fall in the region of between €30 million and €50 million while WhatsApp may be required to change how it handles user data, according to
Politico. Once ratified, this would be the second judgement the Irish DPC will have made under the one-stop-shop principle.
Under this principle, multinational companies with potential violations that are cross-border in nature will be investigated by a lead supervisory authority on behalf of the wider EU. In this case, and in the case of many other tech companies, Irish regulators are nominated as the lead authority given these companies are based in Ireland.
To embed, copy and paste the code into your website or blog:
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of
Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the vital role of the GDPR’s one-stop-shop mechanism. The AG’s opinion unequivocally affirms the significance of the role of the lead supervisory authority (LSA) in being the primary investigator and enforcer of data protection law within the EU, while at the same time acknowledging the active role that other supervisory authorities concerned (SAC) have in scrutinising organisations’ compliance with the GDPR.