Posts about GDPR by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
I posted a draft of my new article, Data Is What Data Does: Regulating Use, Harm, and Risk Instead of Sensitive Data. It is just a draft, and I welcome feedback. You can download it for free here: Here’s the abstract: Heightened protection for sensitive data is becoming quite trendy in privacy laws around the […]
If you couldn’t make my webinar to discuss cross-border data transfers, you can watch the replay here. Justin Antonipillai of Wirewheel, Josh Harris of BBB National Programs and I discussed the new framework between the US and the EU for cross-border data transfers as well as the CBPRs. We also discussed steps that companies […]
I have posted a draft of my new article, The Limitations of Privacy Rights, on SSRN where it can be downloaded for free. The article critiques the effectiveness of individual privacy rights generally, as well as specific privacy rights such as the rights to information, access, correction, erasure, objection, data portability, automated decisionmaking, and more. […]
In this webinar, Daniel Solove (GW Law and TeachPrivacy), Justin Antonipillai (WireWheel), Peter Swire (Alston & Bird), Kenneth Propp (Atlantic Council), and Shannon Yavorsky (Orrick) discuss the latest developments regarding cross-border data transfers.
How does China’s new Personal Information Protection Law (PIPL) compare to the European Union’s GDPR? In this post, I provide a quick PIPL vs. GDPR comparison. In comparing the PIPL with the GDPR, I will note a few key similarities and differences — my comparison is not comprehensive. Comparing PIPL and GDPR: Similarities A few […]
I’m pleased to announce that Paul Schwartz and I have launched a new casebook, EU Data Protection and the GDPR. Developed from the casebook Information Privacy Law, this paperback contains key cases and materials focusing on privacy issues related to the GDPR and data protection in the European Union. Topics covered include the GDPR, Schrems cases, […]
I am excited to announce a new GDPR training course — the General Data Protection Regulation (GDPR) — extensive version (20 mins). My existing course is a shorter 7 min introduction; this new 20-min course provides a more detailed overview of the GDPR. If you’re interested in evaluating the new 20-min GDPR course (or the […]
In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of […]
Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.
In this video, I discuss the aftermath of Schrems II with Justin Antonipillai (Wirewheel) and Peter Swire (Georgia Tech and Alston & Bird). Peter Swire’s new Lawfare piece on how to address the individual redress issue is After Schrems II: A Proposal to Meet the Individual Redress Challenge.