IP/IT/TELECOM


(Alleged) data protection infringement? Say bye-bye to your .be domain name

(Alleged) data protection infringement? Say bye-bye to your .be domain name
02/12/2020

The Belgian Data Protection Authority (BDPA) published on 30 November 2020 a cooperation agreement with DNS Belgium, the registry for .be, on the consequences of (alleged) data protection infringements.

Read more
Checklist for transferring personal data after schrems II

Checklist for transferring personal data after schrems II
26/11/2020

The CJEU ruling from 16 July 2020 in the Schrems II case created a lot of uncertainty for organisations transferring personal data outside the EEA. Not only was the EU-US Privacy Shield invalidated, the Court also imposed conditions for the use of standard contractual clauses (SCCs) as a mechanism to transfer personal data to non-EEA countries and this without any grace period. Any such transfer must at all times provide adequate safeguards to ensure a level of protection essentially equivalent to that provided by EU law. 

But how should this requirement be fulfilled in practice? Can the EEA-based party be expected to scrutinise all foreign law systems and decide whether additional legal safeguards are needed on a case-by-case basis? And which measures should it take? How should it provide adequate protection against access by public authorities in the non-EEA countries? How should it ensure that data subjects' rights or remedies are at all times respected?

Both the European Data Protection Board (EDPB) and the European Commission came up with some first practical guidance and instruments on 11 and 12 November respectively.

Read more
Recommendations on outsourcing to cloud service providers by (re)insurance companies

Recommendations on outsourcing to cloud service providers by (re)insurance companies
25/11/2020

The National Bank of Belgium (NBB) published 15 recommendations for (re)insurance companies that outsource to cloud service providers. These recommendations will apply as of 1 January 2021. In this article, we will briefly summarise these recommendations.

Read more
 Invoking copyright to block the submission of evidence? Nice try, but no cigar!

Invoking copyright to block the submission of evidence? Nice try, but no cigar!
24/11/2020

The Court of Justice of the European Union delivers judgments regarding the concept of “communication to the public” faster than legal scholars can read and dissect them.

Read more
Transfers following Schrems II: more clarity

Transfers following Schrems II: more clarity
23/11/2020

On 11 November 2020, the EDPB published (in concept) its long-awaited recommendations concerning the transfer of personal data following Schrems II. Moreover, the European Commission (EC) also published new model contractual clauses on 12 November 2020 (also in draft). In this article, our data experts talk you through these documents and explain what you essentially need to know.

Read more
Doorgifte van persoonsgegevens buiten de EER

Doorgifte van persoonsgegevens buiten de EER
20/11/2020

In het arrest Schrems II van 16 juli 2020 oordeelde het Hof van Justitie dat de doorgifte van persoonsgegevens buiten de EER (Europese Economische Ruimte) op basis van “standard contractual clauses” (SCC’s) slechts in overeenstemming is met de GDPR voor zover het ontvangende land een gelijkwaardige gegevensbescherming biedt als de EU. Inmiddels kwamen er aanbevelingen over de bijkomende maatregelen die ondernemingen kunnen nemen indien het wettelijk kader in het derde land niet voldoende bescherming biedt, en werd ook een ontwerpversie van nieuwe SCC’s gepubliceerd.

Read more
EU Court of Justice clarifies concept of “informed consent” for collection of personal data

EU Court of Justice clarifies concept of “informed consent” for collection of personal data
19/11/2020

On 11 November, the Court of Justice of the EU (“CJEU”) rendered its judgment (Case C‑61/19) in a case (Orange România SA v. Autoritatea NaÅ£ională de Supraveghere a Prelucrării Datelor cu Caracter Personal) about informed consent.

Read more
New Belgian DPA decision: employee consent sometimes works

New Belgian DPA decision: employee consent sometimes works
18/11/2020

Yes, employee consent is possible in certain circumstances – but do not assume old processing activities fully comply. That, in summary, was the position of the Belgian Data Protection Authority (BDPA) in a decision of 9 November 2020 of its Litigation Chamber following a complaint by an individual against its employer, a Belgian hospital. 

Read more
The future of international data transfers: new SCCs and EDPB guidance

The future of international data transfers: new SCCs and EDPB guidance
16/11/2020

Christmas seems to have come early this year for everyone who is involved in data protection.

Read more
Finally some practical EDPB guidance on how to make international data transfers lawful

Finally some practical EDPB guidance on how to make international data transfers lawful
13/11/2020

After a long, four-month wait, we finally have recommendations from the European Data Protection Board (EDPB) on “supplementary measures” in the context of international transfers of personal data –

Read more

Click here to see the ad(s)

LexGO Network