Max Schrems has spoiled US plans for dealing with data from European countries for a second time. On 15^th July, the CJEU issued a judgment which invalidated the U.S. Privacy Shield. This had previously enabled data transfers between the U.S. and the EU without the need for any alternative transfer mechanisms. 

On the 16^th of  July, the Court of Justice of the European Union (“CJEU”) will release its opinion in the ‘Schrems II’ case, which could have a significant impact on the use of standard contractual clauses and third party transfers of personal data.

California’s data protection law went into effect on 1 January, 2020. It is far and away the most robust piece of legislation dealing with consumer privacy in the United States. While the California Consumer Privacy Act (CCPA) applies primarily to California businesses, it will likely have some knock-on effects for anyone who does business within the United States, especially when dealing with personal data.

With more and more of our day to day life happening in an online environment, many decisions are inevitably made by computers, with no human involvement – a process called automated decision-making.  Organisations use technology, including algorithms and machine-learning, to collect and analyse a range of personal data about an individual – from their buying habits to lifestyle data, from social network data to mobile phone data. Automated individual decision-making is frequently used for the purposes of profiling. Profiling is defined by the GDPR as:“Any form of automated processing of personal data consisting of the use of personal data to evaluate certain...

One of the rights given to individuals under the GDPR, is that of data portability. But when does it apply and what exactly does it entail?The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format but only comes into play in certain situations.The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. This means that individuals can move, copy or transfer personal data easily from one IT environment to another in a...