Author Archives: Claude-Etienne Armingaud

Claude-Étienne Armingaud, CIPP/E, Partner, Data Protection Privacy and Security Practice Group Coordinator, K&L Gates

Gabriela Mercuri, Managing Director, SCOPE Europe

Jörn Wittmann, Director Privacy Legislative Strategy and Public Policy, Volkswagen AG

Codes of conduct (CoCs) overseen by accredited monitoring bodies are one of the breakthrough innovations introduced by the EU General Data Protection Regulation. As part of its accountability framework, GDPR not only shifted the onus of demonstrating compliance, but also created the possibility for stakeholders to engage in co-regulatory practices. The goal was to allow the industry to support regulatory implementation by developing workable guidance to concretize the GDPR’s provisions. More flexible than other previously adopted compliance tools, CoCs generated high expectations, particularly in the wake of Schrems II, as a possible solution to address international data transfers and enable legal foreseeability. CoCs have not yet reached their full potential, with only a handful of national CoCs deployed and even fewer at the pan-European level. However, as the cloud ecosystem leads the way, this panel will explore the background of this sectoral success while highlighting CoCs’ benefits, as well as their limitations.

What you will learn:

• How to understand the relevancy of CoCs in a post-GDPR, post-Schrems II era.

• What CoCs can bring to an ecosystem, as well as what they should not be pursued for.

• The future of international data transfers amid emerging data protection systems at global levels.

More information.

K&L Gates ranked “Recommended” with Claude-Etienne Armingaud.

Source: Leaders League


K&L Gates ranked “Highly Recommended, Band 2/2” with Claude-Etienne Armingaud.

Source: Leaders League


K&L Gates ranked “Highly Recommended – Band 1” with Claude-Etienne Armingaud.

Source: Leaders League


Version 2.0 dated 14 February 2023
Go to the official PDF version.

Executive Summary

The GDPR does not provide for a legal definition of the notion “transfer of personal data to a third country or to an international organisation”. Therefore, the EDPB provides these guidelines to clarify the scenarios to which it considers that the requirements of Chapter V should be applied and, to that end, it has identified three cumulative criteria to qualify a processing operation as a transfer:

  1. A controller or a processor (“exporter”) is subject to the GDPR for the given processing.
  2. The exporter discloses by transmission or otherwise makes personal data, subject to this processing, available to another controller, joint controller or processor (“importer”).
  3. The importer is in a third country, irrespective of whether or not this importer is subject to the GDPR for the given processing in accordance with Article 3, or is an international organisation.

If the three criteria as identified by the EDPB are met, there is a transfer and Chapter V of the GDPR is applicable. This means that the transfer can only take place under certain conditions, such as in the context of an adequacy decision from the European Commission (Article 45) or by providing appropriate safeguards (Article 46). The provisions of Chapter V aim at ensuring the continued protection of personal data after they have been transferred to a third country or to an international organisation.

Conversely, if the three criteria are not met, there is no transfer and Chapter V of the GDPR does not apply. In this context, it is however important to recall that the controller must nevertheless comply with the other provisions of the GDPR and remains fully accountable for its processing activities, regardless of where they take place. Indeed, although a certain data transmission may not qualify as a transfer according to Chapter V, such processing can still be associated with increased risks since it takes place outside the EU, for example due to conflicting national laws or disproportionate government access in the third country. These risks need to be considered when taking measures under, inter alia, Article 5 (“Principles relating to processing of personal data”), Article 24 (“Responsibility of the controller”) and Article 32 (“Security of processing”) – in order for such processing operation to be lawful under the GDPR.

These guidelines include various examples of data flows to third countries, which are also illustrated in an Annex in order to provide further practical guidance.


Gateway to Privacy: This Is the Way GDPR Article 5 Compliance

February 25th, 2023 | Posted by Claude-Etienne Armingaud in Case Law | Communication | Europe | Podcast | Privacy

In this first episode, we discuss the challenges faced by data controllers in their compliance with Article 5 GDPR following the EU Court of Justice’s Digi Case C-77/21. In particular, we focus our discussion on the purpose and data storage limitations, and how your legal team should be the 3PO protocol droid within your organization for the implementation of GDPR best practices.

May the enforcement be with you!

First publication: K&L Gates Hub with Eleonora Curreri

Gateway to Privacy: Our K&L Gates Data Protection Podcast

February 22nd, 2023 | Posted by Claude-Etienne Armingaud in Europe | Podcast | Privacy | World

This program provides timely updates, best practices, and emerging developments in today’s data protection, privacy, and security industry.

Listen to the latest episodes now!

This survey follows the CNIL’s announcement on 24 November 2022 that it aims at “better understanding the economic challenges associated with the collection and processing of personal data in mobile applications” as part of its 2022-2024 strategic plan.

The CNIL considered that data collection via mobile applications greatly lacks transparency compared with cookie collection on websites.

The expected inputs are to be used for the purpose of drafting recommendations to be submitted to public consultation during the second semester of this year.

Concurrently with its ever-active enforcement of the website cookie framework, the CNIL also recently started going after mobile applications for their use of personal data, often leveraged as a primary source of revenue for free-to-play mobile games. The most recent example is the French mobile game publisher Voodoo SAS, with a fine of EUR 3 million for breach of user consent for targeted ads on 29 December 2022. Indeed, the CNIL considered that even when users did not consent to the tracking for advertising purposes, Voodoo still accessed Apple’s “IDentifier For Vendors” (“IDFV”), an identifier assigned to app operators which facilitates targeted advertising, and processed browsing information for advertising purposes, constituting a violation of French privacy law and the GDPR.

The CNIL now calls for economic contributions from experts, interest groups, regulatory entities and experienced private individuals in the field. The call for contributions closes on 10 February 2023. Contributions can be submitted by completing a questionnaire and/or a written statement at the following email address: ecodesapplis@cnil.fr.

All contributions will be covered by professional secrecy and will be published in the form of a synthetic and aggregated report.

First publication on Cyber Law Watch with Camille Scarparo.

On 27 October 2022, the Digital Services Act (DSA) was published in the EU Official Journal as Regulation (EU) 2022/2065, with the aim to fully harmonize the rules on the safety of online services and the dissemination of illegal content online. The Digital Services Act will require online intermediaries to amend their terms of service, to better handle complaints, and to increase their transparency, especially with respect to advertising.


🇫🇷 Connected Fleets, Regulation and Success Stories

October 27th, 2022 | Posted by Claude-Etienne Armingaud in Conference | Connected Cars | France | Privacy

Very pleased to have hosted GEOTAB at our offices this morning for the conference “Connected Fleets, Regulation and Success Stories”, moderated by François Denis, Managing Director France at GEOTAB.

Claude-Etienne Armingaud, CIPP/E, Data Protection partner, presented to us the issues of personal data law in relation to connected vehicles.

Pascal Six, Business Development Manager, traced how GEOTAB has developed and continues to adapt its offering, in compliance with the applicable personal data protection laws.

To conclude, Bertrand MATHIEU, Director of Operations at VAC / Hardouin Loc, shared his successful customer experience with GEOTAB.

Thank you to the speakers and participants!