“Since the [EU US Privacy Shield] Framework’s implementation on August 1, 2016, more than 5,000 companies have made public and legally enforceable pledges to protect data transferred from the EU in accordance with the Privacy...
Three proposed amendments to the California Consumer Privacy Act were themselves amended on September 6. Here is a summary of the major changes, with links to the current version of each proposed amendment:
Until 1/1/2021...
Click to accept – not always good enough, says the New Zealand Privacy Commissioner.
Companies need to be fully transparent about their data processing practices and take steps to ensure that this is conveyed to the...
Following a decision from the Court of Justice of the EU, the UK Information Commissioner’s Office changed its guidance on how to calculate the GDPR 30-day time limit for data subject requests....
“U.S. Senators Dick Durbin (D-IL), Ed Markey (D-MA), and Richard Blumenthal (D-CT) Friday, August 16, 2019, sent letters to numerous education technology (EdTech) companies inquiring about data collection practices on...
CISO members of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) published a white paper to help cybersecurity leaders in retail and hospitality prepare for compliance with the California Consumer...
Privacy notices are required under the European Union’s General Data Protection Regulation even if your data processing is video surveillance/CCTV.
The Romanian Data Protection Authority issued a fine against a company...
The UK Information Commissioner’s Office (ICO) has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure....
Under the Bahrain Personal Data Protection Law (PDPL), which came into effect on August 1, 2019, organizations need to obtain consent from customers in order to collect, process, store and use their personal information for...
The Higher Regional Court of Cologne, Germany, has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access...
The Hellenic DPA has issued an opinion regarding the appropriate legal basis for processing employee data under GDPR:
Consent should be used as the legal basis only where the other legal bases do not apply....
A Facebook “like” is actually more like “in a [Joint Controller] relationship” status, says the Court of Justice of the EU in a long-awaited decision in the Fashion ID matter.
At issue: The legal framework surrounding...
Web crawling and data protection: CNIL has issued a 180,000 EUR fine against a provider of automobile insurance policies for failure to adequately protect data in violation of GDPR, specifically citing disallowing web...
The European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further....
“The decision to impose documentation requirements, rather than bright line rules, represents a significant departure from how the government traditionally aims to protect the public. It is akin to if federal regulators,...
Big Picture Takeaways:
Facebook faces many detailed requirements for internal and external governance and oversight with extensive reporting requirements...
7/25/2019
The Italian Data Protection Authority, Garante privacy, ordered a company that did not acquire granular consent for marketing from members of its loyalty programs to:
(i) stop processing personal data for marketing purposes...
Strict is for cookie, that’s good enough for me.
The United Kingdom’s Information Commissioner’s Office highlights “strictly necessary” cookies:
Strictly necessary cookies are cookies which are essential, not just nice...
Analytics cookies in the crossfire.
Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance.
CNIL – Set list of terms to qualify for an exemption from the need to obtain consent....
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical...
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for the drafting and negotiating of all...
The European Data Protection Board has issued an opinion on lead supervisory authority in the event of a change of location of the main establishment of an organization....
Milk, meat, fruits, breads … and data protection.
These are the new food groups for your M&A deal.
Just 24 hours after the notice of intent to fine British Airways 183 Million GBP, the UK ICO issued an intent to fine...
7/10/2019
If you wait for them, the big General Data Protection Regulation (GDPR) fines will come.
The UK data protection authority, the ICO, announced its intent to fine British Airways 183 million GBP (1.5 percent of annual revenue) for a...
7/9/2019
The FTC has entered into a consent order with a sole proprietor for a failure to implement reasonable protections of personal information....