Gareth Kristensen

Subscribe to Gareth Kristensen's Posts
Contact: Read more about Gareth Kristensen

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

As the value of data continues to increase exponentially, so too do the associated risks, including risk of cyberattacks, data breaches or data-related litigation, as well as rising regulation throughout the world

On January 4, 2023, the Irish Data Protection Commission (the “DPC”) announced it issued two decisions that have wide relevance for the adtech industry.  The decisions focus on the extent to which businesses can rely on the GDPR legal basis of ‘performance of a contract’ to justify delivering behavioural advertising to users without separately seeking their consent. 

Continue Reading Irish Data Protection Commission’s decisions regarding Facebook and Instagram

On December 13, 2022, the European Commission (“Commission”) formally launched the process to adopt an adequacy decision for the EU – U.S. Data Privacy Framework and proposed a draft adequacy decision concerning personal data transfers to the U.S. (available here).

Continue Reading The Draft Adequacy Decision on the EU-US Data Privacy Framework

On 24 November 2022, the UK government announced its adequacy decision for the Republic of Korea, which will allow UK organizations to share personal data with Korean organizations more freely under the UK General Data Protection Regulation (“UK GDPR”).

Continue Reading The United Kingdom and the Republic of Korea Finalize Data Sharing Agreement

The Information Commissioner’s Office (“ICO”) has opened a consultation on new draft guidance on monitoring at work (the “Draft Guidance”).  The Draft Guidance applies in both the private and public sectors in respect of any worker, a term which is used to include employees as well as non-employee workers, independent contractors and volunteers.
Continue Reading UK ICO Issues Draft Guidance on Monitoring at Work

Today, after over two years of detailed negotiations, President Joe Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the “Order”)  outlining steps the U.S. will take to implement its commitments under the European Union-U.S. Data Privacy Framework, originally announced by President Biden and European Commission President Ursula von der Leyen in March of 2022 (as previously discussed here).[1]
Continue Reading President Biden Signs Executive Order on New EU-US Data Privacy Framework

On September 5, 2022, following the election of the new UK Prime Minister, the UK Government decided not to proceed with the second reading and other motions relating to the Data Protection and Digital Information Bill (the “Bill”), which was due to have taken place on the same day.  According to the Leader of the House of Commons, this Bill was pulled as “to allow Ministers to consider the legislation further”.
Continue Reading UK’s Data Protection and Digital Information Bill: An Uncertain Direction

On May 3, 2022, the European Commission published its proposal for a regulation on the “European Health Data Space”.

The EHDS is a talismanic European healthtech initiative that could revolutionize access to a deeper pool of EU-wide health data and unlock significant tech, AI and data analytics innovation.  As a core part of the Commission’s