The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance...more
The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:
Failure to execute Article 28 data processing agreements with its service providers....more
We heard recently from French Data Protection Authority CNIL on the topic of Data Protection Impact Assessments (DPIAs). Now, Ireland’s Data Protection Commission has issued its own Guidance Note on DPIAs under The General...more
Latin American Data Protection Authorities and the Spanish Data Protection Authority have issued a joint statement on data processing and Artificial Intelligence....more
The French Data Protection Authority CNIL has issued guidance on types of data processing for which a Data Protection Impact Assessment (DPIA) is not required under GDPR:
HR-related processing, not including profiling, for...more
Privacy Shield lives to shield another year (Part 1).
The European Commission has published its third annual report on Privacy Shield....more
A survey of 777 registered voters in California showed 88 percent would support The California Privacy Rights Enforcement Act (CPREA), a 2020 ballot measure related to expansion of protections for personal information....more
The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Regulation's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b))....more
The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR....more
California has amended its data breach notification law to include biometric and other identifiers.
The bill (AB 1130), signed by Gov. Gavin Newsom on October 11, revises the definition of personal information for purposes...more
Sen. Ed Markey, D-Mass., has introduced a bill (S. 2577) imposing considerable obligations on data brokers regarding their handling of personal information....more
For a less conservative take, here are the Ten Commandments of California Consumer Privacy Act Compliance:
• Thou shalt make for yourself a person overseeing privacy compliance in thine corporation....more
On Thursday, October 10, the California Attorney General issued draft regulations for the California Consumer Privacy Act. The regulations are open for public comment until December 6, 2019. Much has been written about the...more
10/14/2019
Providers of services that involve the personal information of California residents: What do the proposed CCPA Regs mean for your compliance?...more
The California Attorney General has issued long-awaited draft regulations for the California Consumer Privacy Act (CCPA), which is scheduled to take effect in 2020....more
The Singapore Personal Data Protection Commission has issued guidance on privacy disclosures:
Highlight information that may be of particular concern to individuals, such as purposes of use or situations where personal...more
The Irish Data Protection Commission (DPC) does not have any power to order an organization to pay compensation to an affected data subject.
In the case of administrative fines, any funds collected from these fines go to...more
Consent is not needed for the transfer of personal data from Canada to other countries, says the Canadian Office of the Privacy Commissioner.
Following a consultation on transfers of personal information for processing,...more
The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR:
Examples of joint controllers:
1. If two companies jointly organize a competition in which the name and address are...more
Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority. The company was...more
“Since the [EU US Privacy Shield] Framework’s implementation on August 1, 2016, more than 5,000 companies have made public and legally enforceable pledges to protect data transferred from the EU in accordance with the Privacy...more
Three proposed amendments to the California Consumer Privacy Act were themselves amended on September 6. Here is a summary of the major changes, with links to the current version of each proposed amendment:
Until 1/1/2021...more
Click to accept – not always good enough, says the New Zealand Privacy Commissioner.
Companies need to be fully transparent about their data processing practices and take steps to ensure that this is conveyed to the...more
The Spanish AEPD has published a “white list” of data processing operations that DO NOT require a Data Protection Impact Assessment (DPIA) under GDPR:
Processing carried out under guidelines previously established or...more
The Hamburg Data Protection Authority (DPA) laid out guidelines for Google regarding its voice assistant that may reveal what DPAs may be expecting for compliance with GDPR (and some parts may be applicable for CCPA too)...more