GDPR: 6 years in, where do we stand?
May 22nd, 2024 | Posted by in Conference | Europe | Privacy - (0 Comments)Once More Ranked Among World’s Best Data Law Firms by Global Data Review
May 5th, 2024 | Posted by in Non classé | Privacy | Rankings | World - (0 Comments)Once again, global law firm K&L Gates LLP has been ranked among the world’s 100 leading data law firms by Global Data Review’s GDR 100. The annual list examines law firms’ privacy and data protection capabilities, use of IP and confidentiality laws to protect proprietary data, and the firm’s work on all other personal and non-personal data laws at a global level.
Nearly two dozen K&L Gates lawyers were recognized in the 2024 GDR 100, including Paris partner Claude-Étienne Armingaud. Other partners leading the practice and identified in the profile include Melbourne partner Cameron Abbott, Seattle partners Shannan Frisbie, Whitney McCollum, David Bateman, and Carley Andrews, Washington, D.C., partner Bruce Heiman, Chicago partner Limo Cherian, London partner Sarah Turpin, and Research Triangle Park partners Gina Bertolini and Leah Richardson.
Clients provided positive feedback of their experience working with K&L Gates’ lawyers stating the team has “deep knowledge of privacy laws and regulations, but they also understand the business impact of their advice. This sets them apart from other firms in the market.”
K&L Gates’ Data Protection, Privacy, and Security practice boasts more than 60 lawyers and professionals with experience in various technologies and methodologies. From assessing risk to incident response, breach, and crisis counseling globally, the team is qualified to handle most data privacy and security compliance issues. The practice also assists with cross-border mergers and acquisitions and specialized services focused on emerging areas such as biometric data compliance and defense.
The full K&L Gates profile can be read at Global Data Review (subscription required).
🇫🇷 OneTrust TrustWeek Paris: Charting GDPR – Navigating the EU and global data laws
October 17th, 2023 | Posted by in Conference | Data Transfer | Europe | Privacy | World - (0 Comments)Post-Brexit EU businesses have needed to rethink how they approach showing compliance with a host of regulations, managing international data transfers and building trust with data subjects. Having to comply with the GDPR, prepare for other data protection bills, all while continuing to comply with the EU-GDPR as well as a host of global regulations means businesses might look to certification as a common system for adequacy as a one-stop shop, when addressing the overlaps and more crucially closing the gaps on their privacy compliance programs.
Featured speakers:
- Noshin Khan, Senior Compliance Counsel, Ethics Center of Excellence, OneTrust
- Claude-Étienne Armingaud, Partner, K&L Gates
Register here.
Legal 500 Rankings 2023 – Data Privacy and Data Protection – Tier 2 & Leading Individual – France
April 12th, 2023 | Posted by in France | Privacy | Rankings - (0 Comments)Backed by a global network spanning five continents, the data protection, privacy and security group at K&L Gates LLP assists financial institutions and multinationals in mining, biotech (Anika Therapeutics), energy (Envision), home appliances (SharkNinja), pharmaceuticals (Ipsen), manufacturing (K&N Engineering), luxury goods and tech, on wide array of matters across the practice area. Headed by Claude-Etienne Armingaud, an expert in multi-jurisdictional transactional matters, dealing with IT outsourcing and data protection, the group also assists clients with GDPR compliance, data sharing agreements and data protection elements of M&A transactions.
Leading individuals: Claude-Etienne Armingaud – K&L Gates LLP
Practice head(s): Claude-Etienne Armingaud
(more…)Leaders League Rankings 2023 – Technologies, internet & telecommunications – Data protection law – Law firm – France
March 3rd, 2023 | Posted by in France | Privacy | Rankings - (0 Comments)K&L Gates ranked “Highly Recommended – Band 1” with Claude-Etienne Armingaud.
Source: Leaders League
(more…)Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR
February 25th, 2023 | Posted by in Data Transfer | Europe | Privacy - (0 Comments)Version 2.0 dated 14 February 2023
Go to the official PDF version.
Executive Summary
The GDPR does not provide for a legal definition of the notion “transfer of personal data to a third country or to an international organisation”. Therefore, the EDPB provides these guidelines to clarify the scenarios to which it considers that the requirements of Chapter V should be applied and, to that end, it has identified three cumulative criteria to qualify a processing operation as a transfer:
- A controller or a processor (“exporter”) is subject to the GDPR for the given processing.
- The exporter discloses by transmission or otherwise makes personal data, subject to this processing, available to another controller, joint controller or processor (“importer”).
- The importer is in a third country, irrespective of whether or not this importer is subject to the GDPR for the given processing in accordance with Article 3, or is an international organisation.
If the three criteria as identified by the EDPB are met, there is a transfer and Chapter V of the GDPR is applicable. This means that the transfer can only take place under certain conditions, such as in the context of an adequacy decision from the European Commission (Article 45) or by providing appropriate safeguards (Article 46). The provisions of Chapter V aim at ensuring the continued protection of personal data after they have been transferred to a third country or to an international organisation.
Conversely, if the three criteria are not met, there is no transfer and Chapter V of the GDPR does not apply. In this context, it is however important to recall that the controller must nevertheless comply with the other provisions of the GDPR and remains fully accountable for its processing activities, regardless of where they take place. Indeed, although a certain data transmission may not qualify as a transfer according to Chapter V, such processing can still be associated with increased risks since it takes place outside the EU, for example due to conflicting national laws or disproportionate government access in the third country. These risks need to be considered when taking measures under, inter alia, Article 5 (“Principles relating to processing of personal data”), Article 24 (“Responsibility of the controller”) and Article 32 (“Security of processing”) – in order for such processing operation to be lawful under the GDPR.
These guidelines include various examples of data flows to third countries, which are also illustrated in an Annex in order to provide further practical guidance.
(more…)Gateway to Privacy: This Is the Way – GDPR Article 5 Compliance
February 25th, 2023 | Posted by in Case Law | Communication | Europe | Podcast | Privacy - (0 Comments)In this first episode, we discuss the challenges faced by data controllers in their compliance with Article 5 GDPR following the EU Court of Justice’s Digi Case C-77/21. In particular, we focus our discussion on the purpose and data storage limitations, and how your legal team should be the 3PO protocol droid within your organization for the implementation of GDPR best practices.
May the enforcement be with you!
First publication: K&L Gates Hub with Eleonora Curreri
Leaders League Rankings 2022 – Technologies, internet & telecommunications – Data protection law – Law firm – France
March 8th, 2022 | Posted by in IT | Privacy | Rankings - (0 Comments)K&L Gates ranked “Highly Recommended – Band 1” with Claude-Etienne Armingaud.
Source: Leaders League
(more…)Best Lawyers France 2021 – Privacy and Data Security Law
November 2nd, 2021 | Posted by in France | Privacy | Rankings - (0 Comments)Claude-Etienne Armingaud from K&L Gates ranked among the Best Lawyers France 2021 for Privacy and Data Security Law
Source: Best Lawyers
GDPR – Brexit UK Consults On New Data Protection Regime
September 15th, 2021 | Posted by in Brexit | Privacy - (0 Comments)The UK government has unveiled its much-trailed plans to reform its data protection laws, outlined in a consultation document which is open for public comment until 19 November 2021.
Since Brexit was finalised at the start of 2021, the United Kingdom has retained much of the EU General Data Protection Regulation. The government’s plans, if implemented, would see the UK move away from the EU’s approach in several key ways, which may lead to trouble for the continuation of the adequacy decision granted by the EU in June. If terminated, the adequacy decision, currently permitting free flows of personal data between the EU and the UK, could cause increased costs and bureaucracy for businesses on both sides of the Channel to continue their data transfers.
Some of the changes to the UK GDPR proposed in the consultation document are:
- Making the legitimate interests lawful basis easier to use, by publishing a limited, exhaustive list of legitimate interests that organisations can use without having to complete a balancing test.
- Removal of the right to human review of decisions made on the basis of solely automated data processing.
- Introducing a fee for responding to subject access requests and allowing organisations to refuse to comply with requests at a lower threshold than “manifestly unfounded”, as allowed in the current legislation.
The proposals also introduce potential changes to the UK’s Privacy and Electronic Communications Regulations, including:
- Increasing the current maximum penalty of £500,000 for breaches of the direct marketing regulations to the higher of 4% of global turnover or £17.5 million, thereby matching the maximum penalty under UK GDPR.
- Removing the requirement for websites to obtain consent before serving some analytics cookies.
- Extending the “soft opt in” for direct marketing to organisations other than businesses, such as charities and political parties.
First publication: Cyber Law Watch with Noirin McFadden