In its second statement of intent of the week, on 9 July 2019, the UK’s Information Commissioner’s Office (“ICO”) announced its intention to fine Marriott International, Inc (“Marriott”) £99.2m under the General Data Protection Regulation (“GDPR”) for a personal data breach that occurred in relation to the Starwood guest reservation database system.
Continue Reading UK ICO Intends to Fine Marriott over £99m for Personal Data Breach under the GDPR

The UK’s Information Commissioner’s Office (“ICO”) today (8 July 2019) announced its intention to fine British Airways (“BA”) £183.39m under the General Data Protection Regulation (“GDPR”) for a personal data breach. This is the highest fine issued so far by a European Union data protection supervisory authority for a personal data breach under the GDPR.
Continue Reading British Airways Fined over £183m for Personal Data Breach Under the GDPR

After the EU Copyright Directive was passed by the EU Parliament last month (see our original blog post for further details), it was formally approved by the Council of the European Union on April 15, 2019. Nineteen EU member states, including Germany, France and the UK, voted in favor. Six member states – namely Finland, Italy, Luxembourg, the Netherlands, Poland and Sweden – voted against the Directive, while three countries abstained from the vote.
Continue Reading Council of the EU Formally Adopts EU Copyright Directive

In today’s interconnected, “always-on” environment, it is easy to forget how dependent we all are on records and, more importantly, on the people we trust to make these records correctly and to hold them securely. One solution has been the “trusted third party,” who maintains a single ledger for a group. Blockchain is another solution. From a legal perspective, there are challenges with both the blockchain technology and the idea of adopting smart contracts. Mayer Brown partner Oliver Yaros shares his insights as part of our Tech Talks video series.
Continue Reading Mayer Brown’s Tech Talks: Blockchain’s Possibilities for Contracting

On 26 March 2019, following a lengthy process, the European Parliament has given final approval to the Copyright Directive, aimed at the modernization of the EU copyright regime. Members of parliament voted 348 in favor of the law and 274 against. Before voting on the reform proposal, a vote was held on whether or not to address proposed amendments – notably the exclusion of the law’s most debated clause, Article 13 or the “upload filter.” Members of parliament opposed a decision on the proposed amendments, in a close vote with 312 in favor but 317 against addressing any amendments.
Continue Reading European Parliament Approves New Copyright Rules for the Internet, Including So-Called ‘Link Tax’ and ‘Upload Filters’

On 21 March 2019, Advocate General (AG) Maciej Szpunar delivered his opinion on a number of questions which, inter alia, relate to the validity of consent to cookies “by way of a pre-checked checkbox” (Case C 673/17). While the questions referred to the Court of Justice of the European Union (CJEU) primarily related to provisions of the Privacy and Electronic Communications Directive (2002/58/EG), the AG stated that the principles established in his opinion were equally valid for the EU General Data Protection Regulation (GDPR).
Continue Reading CJEU Advocate General Opinion: A “Pre-Checked Checkbox” Is Not Valid Consent to Cookies under the GDPR

On 13 February 2019, the data protection officer for the German state of Baden-Wuerttemberg published a guideline on password security under the EU General Data Protection Regulation (GDPR). The guideline aims to advise data controllers (e.g., service providers, administrators) on how to set up effective password policies and securely store passwords, and data subjects (users) on how to choose secure passwords.
Continue Reading German Data Protection Authority Publishes Guideline on GDPR Requirements for Passwords

According to recent press reports, since the EU General Data protection Regulation (GDPR) came into force in May 2018, German data protection authorities have issued 41 GDPR-related fines. The highest fine in a single case is reported to have been EUR 80,000, and the majority of fines (33) originated from the state of North-Rhine Westphalia.
Continue Reading 41 GDPR Fines Issued by German Data Protection Authorities

On 12 February 2019, the European Data Protection Board (EDPB) adopted an information note “on data transfers under the GDPR in the event of a no-deal Brexit.” According to the note, as of 30 March 2019, transfers of personal data from the European Economic Area (EEA) to the UK must be based either on Standard or ad hoc Data Protection Clauses, Binding Corporate Rules, Codes of Conduct, Certification Mechanisms or Derogations.
Continue Reading EDPB Issues Note on Data Transfers to the UK in the Event of a No-Deal Brexit

Regulation (EU) 2019/5, which was published a few days ago in the Official Journal of the European Union, amends the EU pharmaceutical legal framework by firstly complementing new Regulation 2019/6 on veterinary products that repeals Directive 2001/82/EC on veterinary medicinal products and incorporating the provisions on veterinary products contained in Regulation 726/2004 (in particular, Articles 30 to 45), thereby
Continue Reading New EU Regulation Extends Financial Penalties to Entities Beyond the Marketing Authorization Holder and Updates the Legal Framework for Medicinal Products for Human Use