A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...
1/31/2025 / Consent, Consumer Privacy Rights, Consumer Protection Laws, Data Collection, Data Privacy, Data Protection, Gambling, General Data Protection Regulation (GDPR), Personal Data, Personal Information, Privacy Laws, Privacy Policy, UK, UK GDPR
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....
1/17/2025 / CNIL, Compliance, Consent, Data Privacy, Data Protection, Data Security, EU, General Data Protection Regulation (GDPR), Mobile Apps, Personal Data, Privacy Laws, Privacy Policy
There is more to learn from the European Data Protection Board’s recent opinion on AI models. I previously reviewed the EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...
The European Data Protection Board’s recent opinion on AI models can be useful in several ways. Last week, I covered EDPB’s take on what the consequences could be for the unlawful processing of personal data in the...
The European Data Protection Board recently issued an opinion on AI models, shedding light on what the consequences could be for the unlawful processing of personal data in the development phase of an AI model on the...
There is a new wave of lawsuits pertaining to data sharing in the automotive industry. What are we discussing with our clients?
• Personal data is broader than you think: Things like average speed; acceleration events, hard...
India enacted its new Digital Personal Data Protection Act last year. Here are some key takeaways regarding the law, courtesy of Sajai Singh, a partner at J. Sagar Associates in India. Singh spoke recently at Alpine Privacy...
The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued a concise guide on the definition of consent.
This is helpful not only for GDPR, but also for understanding and implementing consent under the...
Are test questions and answers personal data that needs to be provided pursuant to an access request? A German court recently weighed in, providing some good insight regarding both GDPR and U.S. state data privacy laws....
The state of Oregon has passed a comprehensive data protection law (SB0619), which will go into effect in July 2024. What do you need to know about SB0619, also known as the Oregon Consumer Privacy Act?...
12/4/2023 / Biometric Information, Data Controller, Data Protection, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Opt-Outs, Oregon, Personal Data, Privacy Laws, State Attorneys General, State Privacy Laws
Ireland’s Data Protection Commission has fined Meta €1.2 billion. What, however, did the commission say in the case about using Art 49 derogations for transfers to the U.S.? An overview: I will discuss the Meta decision...
Colorado Attorney General Phil Weiser has published revisions to the Colorado Privacy Act rules, as well as some additional questions for public feedback.
His questions include:
What are the pros and cons of using IP...
After the recent Court of Justice of the European Union decision on sensitive inferences that can be drawn from the name of your spouse, it is fair to ask: Is everything sensitive data (special category data)?...
Colorado has released draft rules to supplement the Colorado Privacy Act, which was enacted in July 2021.
Generally, the rules reflect the obligations that were expected from the use of language similar to that in the...
What does the Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case of Meta vs. the German Bundeskartellamt tell us regarding the scope of what constitutes “sensitive information,” “contractual...
Singapore Personal Data Protection Commission (PDPC) has published a guide on data protection in the blockchain.
Some key points:
Permissionless blockchain:
• Any personal data published in-clear is a form of public...
Does vehicle service data for services performed on a vehicle while owned by a previous owner belong to the new owner and need to be provided as part of a GDPR Access request?...
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA?...
If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision.
No transfer. No worries. TIA anyway...
What does the U.K. Information Commissioner’s Office have to say about what it takes for adtech initiatives to be compliant with data protection?
“There is an opportunity for market participants to move towards developing...
11/30/2021 / Adtech, Cookies, Data Protection, Data Protection Impact Assessments (DPIAs), Data-Sharing, First-Party Coverage, Information Commissioner's Office (ICO), Personal Data, Privacy and Electronic Communications Regulation 2003 (PECR), Third-Party, UK, Web Tracking
Data Protection Commission Ireland has issued a report on the responses it received to its public consultation on its guidance on children’s rights.
Of particular note is the careful consideration the commission gave the...
The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”
Here are some key takeaways:...
U.S. Representative Cathy McMorris Rodgers, the Republican leader of the House Energy and Commerce Committee, and U.S. Representative Gus Bilirakis, the Republican leader for the Consumer Protection and Commerce Subcommittee,...
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US...
The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de...