Helen Dixon, Ireland’s Data Protection Commissioner, gave the keynote speech during the closing session of the International Association of Privacy Professionals’ Data Protection Congress in Brussels.
Here are a few of...more
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity.
Key Points-
•Given...more
Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways:
Area of...more
“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote for Daniel Solove’s Privacy+Security Academy...more
On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has determined that the U.S.-Swiss Privacy Shield does not meet...more
According to Italian Data Protection Authority Garante Per La Protezione Dei Dati Personale, The COVID-19 emergency does not automatically, and in itself, represent a sufficient legal basis for particularly invasive data...more
•The Bailiwick of Guernsey’s Office of Data Protection Authority has stated its position on #SchremsII: You must invest resources into ensuring appropriate safeguards are in place.
•Identify if you have been relying on the...more
Coronavirus and GDPR , the Spanish AEPD weighs in:
•Data protection should not be used to hinder or limit the effectiveness of the measures taken by authorities in the fight against the pandemic.
•Consent may not be...more
Tell me, don’t sell me, the GDPR version.
The Dutch Data Protection Authority (AP) has imposed a fine of 525,000 euros on tennis association KNLTB for selling personal data without proper consent....more
The Belgian data protection authority has published for public consultation its priorities for 2019-2025....more
In a statement of its priorities over the next year, French data privacy regulator CNIL emphasizes the importance of a balanced approach to data protection regulation....more
How compliant is that cookie in the window?
The Dutch Data Protection Authority (AP) carried out a check on approximately 175 websites of web shops, municipalities and media, among other things, to determine whether they...more
The Polish data protection authority has fined ClickQuickNow €47,126.97 for violating the General Data Protection Regulation (GDPR) by requiring too difficult a process for revoking consent....more
The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.
The search function suggested certain search suggestions automatically including the complainant’s name....more
According to the NewEurope newspaper, “Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.”...more
The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR.
Key takeaways on what constitutes “legitimate”:
The interest needs to be pursuant to a written or...more
The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:
Failure to execute Article 28 data processing agreements with its service providers....more
Latin American Data Protection Authorities and the Spanish Data Protection Authority have issued a joint statement on data processing and Artificial Intelligence....more
The European Commission expects the U.S. Department of Commerce (DoC) to request from companies evidence of the privacy provisions of the relevant contracts with third parties to assess compliance with the onward transfer...more
On the heels of the Planet49 decision, the Spanish data protection authority AEPD has fined Vueling Airlines €30,000 (reduced to €18,000 for payment in full) for failure to provide a compliant cookie disclosure/consent under...more
The Danish Data Protection Authority has changed its position regarding the legal basis for posting pictures online under the General Data Protection Regulation (GDPR). Rather than a distinction between "situational" and...more
Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority. The company was...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place?
Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
The Hamburg Data Protection Authority (DPA) laid out guidelines for Google regarding its voice assistant that may reveal what DPAs may be expecting for compliance with GDPR (and some parts may be applicable for CCPA too)...more
Privacy notices are required under the European Union’s General Data Protection Regulation even if your data processing is video surveillance/CCTV.
The Romanian Data Protection Authority issued a fine against a company...more