The GDPR journey has not been wonderful.
NOYB has 800 cases out and the enforcement process is difficult because procedural law is different in different countries....more
Helen Dixon, Ireland’s Data Protection Commissioner, gave the keynote speech during the closing session of the International Association of Privacy Professionals’ Data Protection Congress in Brussels.
Here are a few of...more
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity.
Key Points-
•Given...more
If at first (and second) you don’t succeed, try try again. The European Union and United States are gearing up for “Privacy Shield 2.0” to address the difficulties faced by tens of thousands of companies in the wake of the...more
Brace yourselves, the post-Schrems II supplemental measures are coming!
The European Data Protection Board adopted recommendations on measures that supplement transfer tools to ensure compliance with the European Union...more
Norway's Data Protection Authority, Datatilsynet Norway, issued a Q&A on cross-border transfers in the wake of the Schrems II ruling-
Key Takeaways-
•Access to European Union data from a third country constitutes a...more
How does GDPR apply to the transfer of personal data from an EU entity to an international organization?
“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the...more
The Data Protection Authority of Rhineland-Palatinate, Germany has issued FAQs on Schrems II, weighing in on the EU-U.S. Privacy Shield and Standard Contractual Clauses. The guidance comes on the heels of FAQs issued recently...more
A new post-Schrems II transfer solution for cloud services?
The EU Cloud Code of Conduct General Assembly, creators of the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer...more
Germany’s Datenschutzkonferenz (DSK) issues its guidance on Shrems II:
•The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately...
...more
The European Data Protection Board has issued a statement on the adoption by the Hungarian government of derogations from certain data protection and access to information provisions of the European Union's General Data...more
The European Data Protection Board (EDPB) adopted a letter concerning the European Commission's draft guidance on apps supporting the fight against the COVID-19 pandemic.
Key Takeaways-
•The EDPB welcomes the Commission’s...more
Ireland’s Data Protection Commission weighs in on the issue of COVID-19 and data access requests:
“The Data Protection Commission acknowledges the significant impact of the Covid-19 health crisis which may affect...more
After many data protection authorities (in the European Union and beyond) provided guidance and FAQ's on the relationship between COVID-19 (Coronavirus) and data protection laws (e.g. GDPR), the European Data Protection Board...more
The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.
The search function suggested certain search suggestions automatically including the complainant’s name....more
The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.
Key takeaways:
You need to develop, embed and maintain a culture of data protection in your processing activities, with...more
The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Resolution's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b)....more
The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR....more
The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR:
Examples of joint controllers:
1.If two companies jointly organize a competition in which the name and address are...more
Tardiness with transposing data protection laws comes with a hefty fine.
The European Commission is asking the Court of Justice of the European Union to impose financial sanctions on Greece and Spain for failing to...more
The European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further....more
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all...more
If you retain personal data indefinitely, or have not given thought to your retention schedule – now may be the time to take another look.
The Danish Data Protection Authority has fined a furniture store 200,000 EUR for...more
The European Data Protection Report’s first annual report on GDPR, “1 Year GDPR — Taking Stock,” shows public awareness of the European Union’s data protection regime is growing....more
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR....more