Blog Post
A Practical Guide to the EU-US Privacy Shield
In all the talk and commentary about the EU-US Privacy Shield, what often gets lost is the one issue that is of primary importance to US businesses – what do US companies actually need to do to self-certify to the Shield? With that in mind, we have sought to digest the 128 pages of Privacy Shield documentation and produce a condensed checklist of what the Shield requires from a practical standpoint.
Blog Post
Victory for Digital Privacy in Microsoft Warrant Case: US Court Confirms that US Data Warrants Do Not Apply Overseas
On 14 July 2016, Microsoft won an important appeal against the US government over a US search warrant that aimed to force the company to hand over certain customer data stored exclusively in Ireland.
Blog Post
Thoughts on the Privacy view of Mary Meeker's Internet Trends 2016
Recently Mary Meeker's Internet Trends report was published listing in great detail current usage, pros and cons, of the internet. Discussion of the technology advances of the internet cannot go without pondering the privacy and security implications
Blog Post
The ambiguity of unambiguous consent under the GDPR
The GDPR allows ordinary personal data to be collected and used on the basis of "unambiguous" consent. For sensitive data, it requires "explicit" consent. The difference between these two standards has attracted excited debate in privacy circles, with some arguing that they are one and the same thing and that the GDPR no longer allows consent to be implied. But is that correct? Is implied consent really no longer possible under the GDPR? This post explores both standards of consent and explains that, while they share many similarities, there are subtle differences and that - in appropriate contexts - implied consent is still possible.
Blog Post
Are DPA notifications obsolete?
For almost 10 years I've been practising data protection law and advising multinational organizations on their strategic approach to global data processing operations. Usually, when it comes to
Blog Post
Global apps sweep: should developers be worried?
A recent sweep with participation from 26 data protection authorities ("DPA") across the world revealed a high proportion of mobile apps are accessing large amounts of personal data without meeting
Blog Post
German Federal Court further strengthens review platforms
With ever increasing relevance of online review platforms, the discussion about the platform´s red lines becomes more and more heated in Germany. The Federal Court of Justice now issued its second
Blog Post
Employee's private emails used as evidence to dismiss employee
On June 19, 2013, the French Court of Cassation ruled in favour of a company for having dismissed one of its employee's (M. X) on the grounds that he was involved in unfair competition. M. X's
Blog Post
Use of technology in the workplace: what are the risks?
Technology is omnipresent in the workplace. In recent years, the use of technological tools and equipment by companies has grown exponentially. Various types of electronic equipment, which were
Blog Post
Mobile privacy - is there an app for that?
Next week I'll be chairing a session at the IAPP's Data Protection Intensive in London on mobile privacy. In advance of my session (and without giving too much away - I highly recommend attending the