Global Privacy Updates

French Competition Authority Fines Apple €150M Alleging Market Power Abuse of Ad Privacy System

in , ,
French Competition Authority Fines Apple €150M Alleging Market Power Abuse of Ad Privacy System

By Susan Hintze and Hansenard Piou 

Note that the Autorité has not yet been published the decision in question as it is in process of redacting information relating to trade secrets. Please check back for updates. 

Read More
Don’t Sleep on Maryland: The Maryland Online Data Privacy Act Will Keep Health and Wellness Companies Up at Night — Hintze
Tags: , ,

Hintze Global Privacy and Security Updates

in ,

Hintze Law continuously tracks privacy and security updates around the world to bring you a regular update of the latest developments. Below is a snapshot of updates from the last month. If you missed our last round of updates, you can find those here.

Read More

Analysis of the Unpublished 2022 Decisions of the Polish DPA

in

By Deb Gray

Our friends at KL&M Law, in Warsaw Poland, were kind enough to share unpublished decisions from the data protection authority (DPA) of Poland (UODO) that they obtained as part of a recent information request. The resulting report, on nearly 80 decisions, is divided into thematic sections: Marketing, Financial sector, Insurance sector, COVID and health information, Publicly available data, Labor issues, Claims, Video surveillance, Personal data breach, and Miscellaneous.

Read More
Don’t Sleep on Maryland: The Maryland Online Data Privacy Act Will Keep Health and Wellness Companies Up at Night — Hintze

Early Thoughts on the Schrems II Decision on EU Data Transfers

in

As you may be aware, last Thursday the Court of Justice of the European Union (CJEU) issued a dramatic opinion in the Schrems II case that invalidated the EU-U.S. Privacy Shield Agreement and called into question the extent to which U.S. companies can rely on the EU Standard Contractual Clauses (SCCs) as the basis for data transfers. 

Read More
Don’t Sleep on Maryland: The Maryland Online Data Privacy Act Will Keep Health and Wellness Companies Up at Night — Hintze

Is our U.S. company subject to GDPR? New guidance on territorial scope from EDPB

in

By Jennifer Ruehr and Susan Lyon-Hintze

Non-EU organizations that process personal data as data controllers or processors frequently ask whether they are subject to the General Data Protection Regulation (“GDPR”). The answer depends in part on the “territorial scope” provisions in Article 3 of the GDPR. Organizations fall under the territorial scope of the GDPR when they meet one of two main criteria: the “establishment” criterion under Article 3(1) or the “targeting” criterion under Article 3(2). On November 16, 2018, the European Data Protection Board (“EDPB”) released “Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)-Version for public consultation.” These guidelines provide interpretation and clarification of the Article 3 criteria that can help organizations understand and evaluate how the GDPR applies to their data processing. 

Read More
Don’t Sleep on Maryland: The Maryland Online Data Privacy Act Will Keep Health and Wellness Companies Up at Night — Hintze

EU-U.S. Privacy Shield Details Released

in ,

On February 29, 2016, the European Commission issued a draft “adequacy decision” introducing the EU-U.S. Privacy Shield (“Privacy Shield”). The Privacy Shield replaces the U.S.-EU Safe Harbor Framework (“Safe Harbor”) as the new data transfer agreement legitimizing transfer of EU personal data to the U.S. by certifying participants. As described and linked to in the Commission’s press release, several U.S. government agencies have provided written commitments to enforce the Privacy Shield. These commitments will be published in the U.S. Federal Register.

Read More
Don’t Sleep on Maryland: The Maryland Online Data Privacy Act Will Keep Health and Wellness Companies Up at Night — Hintze
Tags: ,