The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR.
Key takeaways on what constitutes “legitimate”:
The interest needs to be pursuant to a written or...more
Do the draft CCPA Regulations make a big difference in compliance costs where it comes to privacy notices? Standardized Regulatory Impact Assessment (SRIA) of the economic impact of the draft CCPA Regulations says – maybe...more
The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA...more
On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act...more
Google Analytics is in the crossfire in Germany.
The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service...more
The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance...more
The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:
Failure to execute Article 28 data processing agreements with its service providers....more
We heard recently from French Data Protection Authority CNIL on the topic of Data Protection Impact Assessments (DPIAs). Now, Ireland’s Data Protection Commission has issued its own Guidance Note on DPIAs under The General...more
Latin American Data Protection Authorities and the Spanish Data Protection Authority have issued a joint statement on data processing and Artificial Intelligence....more
Privacy Shield lives to shield another year (Part 1).
The European Commission has published its third annual report on Privacy Shield....more
A survey of 777 registered voters in California showed 88 percent would support The California Privacy Rights Enforcement Act (CPREA), a 2020 ballot measure related to expansion of protections for personal information....more
The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Resolution's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b)....more
California has amended its data breach notification law to include biometric and other identifiers.
The bill (AB 1130), signed by Gov. Gavin Newsom on October 11, revises the definition of personal information for purposes...more
For a less conservative take, here are the Ten Commandments of California Consumer Privacy Act Compliance:
• Thou shalt make for yourself a person overseeing privacy compliance in thine corporation....more
On Thursday, October 10, the California Attorney General issued draft regulations for the California Consumer Privacy Act. The regulations are open for public comment until December 6, 2019. Much has been written about the...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Right to Delete
Providers of services that involve the personal information of California residents: What do the proposed CCPA Regs mean for your compliance?...more
The California Attorney General has issued long-awaited draft regulations for the California Consumer Privacy Act (CCPA), which is scheduled to take effect in 2020....more
A local Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA:
The right of access under GDPR is a...more
The Irish Data Protection Commission (DPC) does not have any power to order an organization to pay compensation to an affected data subject.
In the case of administrative fines, any funds collected from these fines go to...more
The Court of Justice of the European Union has issued its Planet 49 decision.
Key takeaways:
A pre-checked check box is not sufficient consent for the placement of cookies....more
The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR:
Examples of joint controllers:
1.If two companies jointly organize a competition in which the name and address are...more
The Danish Data Protection Authority has changed its position regarding the legal basis for posting pictures online under the General Data Protection Regulation (GDPR). Rather than a distinction between "situational" and...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place?
Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
“Since the [EU US Privacy Shield] Framework’s implementation on August 1, 2016, more than 5,000 companies have made public and legally enforceable pledges to protect data transferred from the EU in accordance with the Privacy...more
Three proposed amendments to the California Consumer Privacy Act were themselves amended on September 6. Here is a summary of the major changes, with links to the current version of each proposed amendment:
Until 1/1/2021...more