Posts about GDPR by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
I have posted a draft of my new article, The Limitations of Privacy Rights, on SSRN where it can be downloaded for free. The article critiques the effectiveness of individual privacy rights generally, as well as specific privacy rights such as the rights to information, access, correction, erasure, objection, data portability, automated decisionmaking, and more. […]
In this webinar, Daniel Solove (GW Law and TeachPrivacy), Justin Antonipillai (WireWheel), Peter Swire (Alston & Bird), Kenneth Propp (Atlantic Council), and Shannon Yavorsky (Orrick) discuss the latest developments regarding cross-border data transfers.
How does China’s new Personal Information Protection Law (PIPL) compare to the European Union’s GDPR? In this post, I provide a quick PIPL vs. GDPR comparison. In comparing the PIPL with the GDPR, I will note a few key similarities and differences — my comparison is not comprehensive. Comparing PIPL and GDPR: Similarities A few […]
I’m pleased to announce that Paul Schwartz and I have launched a new casebook, EU Data Protection and the GDPR. Developed from the casebook Information Privacy Law, this paperback contains key cases and materials focusing on privacy issues related to the GDPR and data protection in the European Union. Topics covered include the GDPR, Schrems cases, […]
I am excited to announce a new GDPR training course — the General Data Protection Regulation (GDPR) — extensive version (20 mins). My existing course is a shorter 7 min introduction; this new 20-min course provides a more detailed overview of the GDPR. If you’re interested in evaluating the new 20-min GDPR course (or the […]
Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.
In this video, I discuss the aftermath of Schrems II with Justin Antonipillai (Wirewheel) and Peter Swire (Georgia Tech and Alston & Bird). Peter Swire’s new Lawfare piece on how to address the individual redress issue is After Schrems II: A Proposal to Meet the Individual Redress Challenge.
Professor Paul Schwartz and I recently edited the Schrems II decision for our Information Privacy Law casebook. Schrems II is short for Facebook Ireland Ltd. v. Maximillian Schrems — the second challenge by Maximillian Schrems to the transfer of data between the EU and US. In Schrems I, the European Court of Justice (CJEU) invalidated the Safe […]
In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of […]
Yesterday, the European Court of Justice issued its decision in Facebook Ireland v. Schrems, a case known as Schrems II. The court’s opinion sent shock waves throughout the privacy world. I had a terrific discussion with Justin Antonipillai (Wirewheel), Gabriela Zanfir-Fortuna (Future of Privacy Forum), Ralf Sauer (European Commission), Jocelyn Aqua (PwC) and Bob […]