15
Fri, Nov
52 New Articles

Based on the GDPR, data controllers have several obligations, such as maintaining the records of data processing or in case of joint controllers, entering into an agreement which determines their respective responsibilities for compliance with their data protection related obligations. In a recent case, the Court of Justice of the European Unio (‘CJEU’) needed to decide on the issue whether the non-compliance with these obligations constitutes unlawful processing resulting in the duty to erase the personal data of the data subject.

 

In the long-awaited aftermath of the havoc caused by the CJEU’s decision (adopted in 2020 in the famous Schrems II case) to invalidate the previously existing EU-US Privacy Shield Framework, the European Commission adopted the adequacy decision promoting the new EU-US Data Privacy Framework (the “Framework”) on 10 July 2023.

As we previously announced, the Court of Justice of the European Union (“CJEU”) issued a ruling in the CK Telecoms case last week, annulling the CK Telecoms judgment and referring the case back to the General Court (“Court”). This appeal was in response to the Court’s decision on May 28, 2020, invalidating the European Commission’s (“EC“) ban on the acquisition of Telefonica Europe Plc by Hutchison 3G UK Investments Ltd. In this article, we delve deeper into the background of this important case and the reasoning behind the CJEU ruling.

Bulgaria's outlook is improving, with its elected government working hard to catch up on crucial EU legal updates, while the country continues to attract investments in banking, energy, healthcare, and technology, according to Penkov Markov & Partners Associated Partner Boris Lazarov.

On 10 July 2023, the European Commission adopted an adequacy decision for a lawful data transfer from the EU to the USA for the third time. This means that personal data may again be lawfully transferred to the US. This will facilitate the use of US service providers for EU companies.

On July 10, 2023, the European Commission adopted a new mechanism for personal data transfer between the EU and the US – the Decision no. C (2023) 4745 (“the Decision”), which stipulates that the US provide adequate and appropriate level of protection, i.e., that corresponds to the one existing in the EU in terms of personal data transferred from the EU to the US companies, without the obligation to undertake any further protective measures. The Decision entered into force and started to apply on the day of its adoption.

More Articles ...