Jun. 7, 2023

Implications of CJEU Ruling on Compensation for GDPR Claims

E.U. privacy attorneys and activists received some much-awaited clarification last month when the European Court of Justice (CJEU) ruled that not every infringement of the GDPR is eligible for financial compensation. The CJEU additionally declared that a “certain degree of seriousness” must be achieved to qualify for non-material damages and that domestic rules of E.U. Member States should ultimately inform the amount of compensation awarded, if any. This article offers insights on the implications of the decision and compliance advice from attorneys at Cordery, Wiggin and McDermott, Will & Emery, who found the ruling to be largely measured and equitable to those on both sides of privacy complaints. See “Compliance Takeaways From the Latest GDPR Enforcement Statistics” (Feb. 2, 2022).

Impact of State Privacy Laws on the Financial Services Sector

New state privacy laws are challenging financial services companies more than ever to balance their longstanding federal obligations with the new state ones. The states have different carveouts for the Gramm-Leach-Bliley Act (GLBA) that firms must navigate. We offer insights shared by attorneys from Hogan Lovells and in-house counsel for CarMax and Truist at the recent Privacy+Security Forum on key provisions of state privacy laws and the impact and operation of GLBA exemptions, and how the financial services industry is navigating the interplay with new state laws continuing to be introduced. See “CCPA Close-Up: Examining the GLBA Carve-Out and How Financial Institutions Can Evaluate Applicability” (Oct. 9, 2019).

“Risk to Resilience”: CFTC Commissioner Romero Discusses Climate and Cybercrime Risk

Strengthening market resilience against cyber and climate risk are two of CFTC Commissioner Christy Goldsmith Romero’s highest priorities, she reported. This article distills Romero’s observations on these risks, which she shared at the asset management derivatives forum presented by the Futures Industry Association and the Securities Industry and Financial Markets Association earlier this year. See “CFTC Issues $1.5-Million Fine After Phishing Attack” (Oct. 23, 2019).

Addleshaw Goddard Adds Dubai Data and Privacy Leader

Addleshaw Goddard has welcomed partner Kellie Blyth in Dubai to help lead its Middle East technology and data practice. Blyth has advised on the regulation of cross-border data transfers, cloud computing and data processing in the region, as well as counseling on the roll-out of new technology offerings, technology-driven procurement and digital-solutions implementation.