Following a decision from the Court of Justice of the EU, the UK Information Commissioner’s Office changed its guidance on how to calculate the GDPR 30-day time limit for data subject requests.
“U.S. Senators Dick Durbin (D-IL), Ed Markey (D-MA), and Richard Blumenthal (D-CT) Friday, August 16, 2019, sent letters to numerous education technology (EdTech) companies inquiring about data collection practices on...
CISO members of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) published a white paper to help cybersecurity leaders in retail and hospitality prepare for compliance with the California Consumer...
Privacy notices are required under the European Union’s General Data Protection Regulation even if your data processing is video surveillance/CCTV.
The Romanian Data Protection Authority issued a fine against a company...
The UK Information Commissioner’s Office (ICO) has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure.
Under the Bahrain Personal Data Protection Law (PDPL), which came into effect on August 1, 2019, organizations need to obtain consent from customers in order to collect, process, store and use their personal information for...
The Higher Regional Court of Cologne, Germany, has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access...
The Belgian Data Protection Authority holds that a Data Protection Officer (DPO) may not himself/herself delete personal information of a data subject.
Doing so constitutes a violation of the General Data Protection...
The Hellenic DPA has issued an opinion regarding the appropriate legal basis for processing employee data under GDPR:
Consent should be used as the legal basis only where the other legal bases do not apply.
Tardiness with transposing data protection laws comes with a hefty fine.
The European Commission is asking the Court of Justice of the European Union to impose financial sanctions on Greece and Spain for failing to...
Web crawling and data protection: CNIL has issued a 180,000 EUR fine against a provider of automobile insurance policies for failure to adequately protect data in violation of GDPR, specifically citing disallowing web...
The European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further.
“The decision to impose documentation requirements, rather than bright line rules, represents a significant departure from how the government traditionally aims to protect the public. It is akin to if federal regulators,...
The United Kingdom’s Information Commissioner’s Office (ICO) has issued, for public consultation, draft guidelines for data sharing that, once adopted, will govern all controller-to-controller data sharing agreements which are...
Big Picture Takeaways:
Facebook faces many detailed requirements for internal and external governance and oversight with extensive reporting requirements...
7/25/2019
The Italian Data Protection Authority, Garante privacy, ordered a company that did not acquire granular consent for marketing from members of its loyalty programs to:
(i) stop processing personal data for marketing purposes...
The French privacy regulator CNIL has released guidance on how to comply with the European Union’s General Data Protection Regulation (GDPR) when using cookies and other web tracking technologies that are an integral part of...
The European Data Protection Board (EDPB) publishes its first annual report and reveals a road map for guidance to come.
In 2019 and 2020, the EDPB aims to focus on data subjects’ rights, the concept of the controller and...
Questions to ask when sharing data between two data controllers (from the ICO Data Sharing Code of Conduct):
What is the sharing meant to achieve?
Checklist for drafting your controller-controller data sharing agreement (from the ICO Data Sharing Code of Conduct now out for public consultation):
What is the purpose of the data sharing initiative?
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical...
The European Data Protection Board has issued guidance on the use of video surveillance.
Key takeaways:
The monitoring purposes of cameras should be documented in writing.
The UK Information Commissioner’s Office has issued a data sharing code of conduct for public consultation.
Key takeaways:
When considering sharing data, assess your overall compliance with the data protection...
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all...
The European Data Protection Board has issued an opinion on the lead supervisory authority in the event of a change of location of the main establishment of an organization.