After a decade of litigation and mere moments after the largest GDPR fine levied to date became public, Facebook Meta vowed to fight the decision of the Irish Data Protection Commissioner. In the company's response to the long-awaited decision, Nick Clegg, President, Global Affairs and Jennifer Newstead, Chief Legal Officer, announced Facebook intends to appeal both the … [Read more...] about Facebook Vows to Fight the Fine
GDPR
EU General Court Clarifies When Pseudonymized Data is Considered Personal Data
On April 26, 2023, the General Court of the European Union issued its judgment in Case T-557/20, SRB v EDPS. The Court held that pseudonymized data transmitted to a data recipient will not be considered personal data if the data recipient does not have the means to re-identify the data subjects. The Court also clarified that an individual’s opinions cannot be assumed to be … [Read more...] about EU General Court Clarifies When Pseudonymized Data is Considered Personal Data
Encryption HRIA
Signaling a major shift in the way Meta approaches users' privacy, the company recently announced plans to make all of its messaging services — WhatsApp, Messenger, and Instagram DMs — end-to-end encrypted (E2EE). As part of its initiative, Meta commissioned a human rights impact assessment (HRIA), which concluded that, "Meta’s planned expansion of strong … [Read more...] about Encryption HRIA
EDPB adopts Urgent Binding Decision in relation to WhatsApp
Following a provisional measure taken by the Hamburg DPA against WhatsApp, and analyzing WhatsApp's data sharing practices with Facebook, the EDPB determined that "the high likelihood of infringements and the lack of information" justifies the decision to request the for the Irish DPA to carry out a statutory investigation relating to WhatsApp's data processing, including: … [Read more...] about EDPB adopts Urgent Binding Decision in relation to WhatsApp
Fear and Loathing in the UK Adequacy Decision
On June 28, the European Commission adopted the UK adequacy decision, which will allow personal data to be transferred from the EU to the UK without additional safeguards. In an ideal world, this would indicate that the UK offers an adequate level of protection for personal data, and would signal their willingness to retain those standards. Unfortunately, reality tells a … [Read more...] about Fear and Loathing in the UK Adequacy Decision
Schrems II and Its Impact on the EU-U.S. Privacy Shield
The U.S. Congressional Research Service has examined the impact of Schrems II and published a detailed report that provides an overview of EU law governing international data transfers, including the Schrems II decision; reviews the U.S. surveillance laws relevant to that decision; and concludes by discussing some considerations for Congress. Read CRS Report R46724. … [Read more...] about Schrems II and Its Impact on the EU-U.S. Privacy Shield
