In the wake of the decision of the Court of Justice of the European Union (CJEU) in Schrems II, controllers and processors have been working closely with legal advisors to find a compliant way to...
CJEU finds that national laws on the collection and retention of traffic and location data for combating crime or safeguarding national security are unlawful due to serious interferences with...
As the end of the Brexit transition period on 31 December 2020 (the "Transition End Date") draws closer and political uncertainty continues around the outcome of negotiations between the...
Pearl Cohen Zedek Latzer Baratz
A spokesperson for the French data protection authority ("CNIL") has confirmed that CNIL launched an investigation against the social media platform TikTok, after receiving a data subject's...
Mason Hayes & Curran
The area of individuals' rights under the GDPR is somewhat of a minefield, both for businesses and the individuals themselves.
Davis & Gilbert
With all of the attention that's been paid to the start of enforcement of the California Consumer Privacy Act (CCPA), it might be easy to have missed that it has been two years since...
Responding to DSARs can be time consuming and expensive and the GDPR requires that DSARs be dealt with "without undue delay".
UK Organisations which do business in Ireland and process personal data often assume that compliance with the GDPR is sufficient in order to process the personal data of Irish...
The names, contact details, email addresses, medical records and health data of individuals and patients who attend a GPs practice are protected by strict European and Irish data protection laws...
Multinational clothes retailer H&M has been fined €35.3m by the Hamburg data protection authority for unlawful employee-monitoring practices in breach of the EU General Data Protection Regulation
The High Court has ordered the Data Protection Commission (DPC) to pay the majority of Mr Schrems' costs in The Data Protection Commissioner v Facebook Ireland Limited & Maximillian Schrems  IEHC 537 (Schrems II).
The Data Protection Commission has found a security system used in Irish prisons to be in breach of the General Data Protection Regulation after investigating a complaint by a prison officer.
Guidance was accompanied by a report
From the earliest stages of project development, businesses engaged in the processing of individuals' personal data are required to implement ‘privacy by design' and ‘privacy be default'
As the COVID-19 pandemic continues, retailers have been required to adapt quickly to ensure that their online market place is established...
In this briefing, we consider some of the issues that arise in dealing with requests by law enforcement authorities to produce records that contain personal data.
The Court of Appeal has confirmed that memoranda related to a complaint made about an audit do not constitute personal data.
Various Data Protection Authorities from Australia, Hong Kong, Gibraltar, Switzerland and the United Kingdom have set out their global privacy expectations of video teleconferencing companies in...
Mason Hayes & Curran
Tusla, the Child and Family Agency, recently became the first organisation in Ireland to be fined for a data breach under the GDPR.
On 16 July 2020, the Court of Justice of the European Union (the "Court") published its much anticipated ruling in the Schrems II case in which it considered whether the transfer ...