EU Data Protection Agencies have been vigorously enforcing violations of regional and national data protection law in recent years against U.S. tech companies but few changes have been made to their business model of exchanging free services for personal data. With the Cambridge Analytica...

Prior to the application of the EU General Data Protection Regulation (GDPR), one of the results of the relatively-low-level of legislatively permitted data protection violation administrative fines was, arguably, a lack of compliance by U.S. Tech Giants, among others. At least on paper, this...

The new EU General Data Protection Regulation (GDPR) establishes requirements (and certain incentives) for internal compliance mechanisms that do not exist in current legislation. These requirements, which will have an impact on internal processes and staffing of firms, such as the requirement...

The European Union Agency for Network and Information Security (ENISA), is one of the “third generation” of EU agencies, active in the area of cybersecurity. Over a period of years this expert agency’s fundamental regulation has been amended and replaced, and its governing bodies modified....

This article investigates various developments over that year that helped (or are helping) reshape European Union data privacy law, building around two important events: the Court of Justice of the European Union's Google Spain decision, applying a form of a "right to be forgotten," and the...