Enforcement is coming – says CNIL, the French Data Protection Authority.
CNIL published its enforcement priorities for 2019. CNIL will no longer refrain from enforcing new obligations imposed by GDPR, but it will continue...more
Caveat Data Processor.
Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures....more
The GDPR that stole communion…
Some schools in Ireland have been banning photographs at communion, citing GDPR.
The Irish Data Protection Commission clarified in a guidance titled “Taking Photos at School Events: Where...more
“I have long advocated for privacy protections that include the principles of knowledge, notice and the right to say ‘no’ to companies that want our information. But it is increasingly clear that a true 21st-century...more
The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties.
A good data protection policy...more
The French Data Protection Agency CNIL recieved 11,077 complaints in 2018, up 32.5 percent compared to 2017.
Other highlights from the CNIL 2018 report-
CNIL carried out 310 investigations in 2018, of which 204 were...more
“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the...more
“What my bill aims to do is to provide a little bit more regulation, a little bit more oversight, into the information that is being collected on us, about us, every single day without our knowledge — a lot of times without...more
“This call may be recorded for training purposes…if you consent say ‘Consent’.”
The Danish Data Protection Authority (Datatilsynet) has ordered a company to cease recording phone calls for training purposes until it...more
The European Data Protection Board (EDPB) has issued draft guidelines on the GDPR legal basis of “necessary for the performance of a contract”....more
“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham.
Denham said companies must understand the...more
The Canadian Office of the Privacy Commissioner has issued a “consultation on cross border transfers,” detailing its policy and seeking comments from stakeholders....more
How has GDPR enforcement played out in the past year?
The Dutch Data Protection Authority (Autoriteitpersoonsgegevens, or AP) recently published a report on its 2018 activities....more
Some in Congress are renewing calls for strict federal privacy protections.
“We need a privacy bill of rights, a set of protections that is no less stringent than the people of California enjoy, no less protected than the...more
The California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) apply even to companies with fewer than 250 employees… but they may not know it yet.
A recent study reveals that “Company size...more
GDPR Data minimization in action. Danish Data Protection Authority (Datatilsynet) finds cab company Taxa 4×35’s records retention practices in violation of the GDPR data minimization principle.
The cab company removed names...more
Utah legislators voted unanimously to pass landmark legislation in support of a new privacy law that will protect private electronic data stored with third parties like Google or Facebook from free-range government...more
EDPB on the ePrivacy Directive and GDPR:
In situations where the ePrivacy Directive renders more specific the rules of the GDPR, the provisions of the ePrivacy Directive take precedence over the provisions of the GDPR....more
The “Data Protection Trustmark Certification” (DPTM), promulgated by the Singapore Infocomm Media Development Authority (IMDA) is a voluntary enterprise-wide certification for organizations to demonstrate sound and...more
Data subject access rights and your medical practice: The UK Information Commissioner’s Office (ICO) issues advice.
Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came...more
A survey shows that most companies are not yet ready for the California Consumer Privacy Act (CCPA), and this includes companies that have undergone compliance processes for the EU General Data Protection Regulation (GDPR)....more
GDPR does NOT:
prohibit a hairdresser from telling a customer what hair color they used on their hair -
prevent the fire department from telling a property management company whether there had been a fire in one of its...more
The European Data Protection Board (EDPB) has weighed in on the ePrivacy Regulation:
EU legislators should intensify efforts towards the adoption of an ePrivacy Regulation, which is necessary to complete the EU’s framework...more
Privacy law experts warn companies not to assume they can comply with the California Consumer Privacy Act (CCPA) because they are in compliance with the EU’s General Data Protection Regulation (GDPR)....more
Data protection and political campaigns – European Data Protection Board (EDPB) issues a statement.
Key points:
Personal data revealing political opinions is a special category of data under the GDPR, and, in most...more