India enacted its new Digital Personal Data Protection Act last year. Here are some key takeaways regarding the law, courtesy of Sajai Singh, a partner at J. Sagar Associates in India. Singh spoke recently at Alpine Privacy...more
The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued concise guide on the definition of consent.
This is helpful not only for GDPR, but also for understanding and implementing consent under the...more
Are test questions and answers personal data that needs to be provided pursuant to an access request? A German court recently weighed in, providing some good insight regarding both GDPR and U.S. state data privacy laws....more
The state of Oregon has passed a comprehensive data protection law (SB0619), which will go into effect in July 2024. What do you need to know about SB0619, also known as the Oregon Consumer Privacy Act?...more
12/4/2023
/ Biometric Information ,
Data Controller ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Oregon ,
Personal Data ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
Ireland’s Data Protection Commission has fined Meta €1.2 billion. What, however, did the commission say in the case about using Art 49 derogations for transfers to the U.S.? An overview: I will discuss the Meta decision...more
Colorado Attorney General Phil Weiser has published revisions to the Colorado Privacy Act rules, as well as some additional questions for public feedback.
His questions include:
What are the pros and cons of using IP...more
After the recent Court of Justice of the European Union decision on sensitive inferences that can be drawn from the name of your spouse, it is fair to ask: Is everything sensitive data (special category data)?...more
Colorado has released draft rules to supplement the Colorado Privacy Act, which was enacted in July 2021.
Generally, the rules reflect the obligations that were expected from the use of language similar to that in the...more
What does the Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case of Meta vs. the German Bundeskartellamt tell us regarding the scope of what constitutes “sensitive information,” “contractual...more
Singapore Personal Data Protection Commission (PDPC) has published a guide on data protection in the blockchain.
Some key points:
Permissionless blockchain:
•Any personal data published in-clear is a form of public...more
Does vehicle service data for services performed on a vehicle while owned by a previous owner belong to the new owner and need to be provided as part of a GDPR Access request?...more
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA? ...more
If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision.
No transfer. No worries. TIA anyway...more
What does the U.K. Information Commissioner’s Office have to say about what it takes for adtech initiatives to be compliant with data protection?
“There is an opportunity for market participants to move towards developing...more
11/30/2021
/ Adtech ,
Cookies ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data-Sharing ,
First-Party Coverage ,
Information Commissioner's Office (ICO) ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Third-Party ,
UK ,
Web Tracking
Data Protection Commission Ireland has issued a report on the responses it received to its public consultation on its guidance on children’s rights.
Of particular note is the careful consideration the commission gave the...more
The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”
Here are some key takeaways:...more
U.S. Representative Cathy McMorris Rodgers, the Republican leader of the House Energy and Commerce Committee, and U.S. Representative Gus Bilirakis, the Republican leader for the Consumer Protection and Commerce Subcommittee,...more
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US...more
The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de...more
The United Kingdom’s Information Commissioner’s Office has released the second chapter in its anonymization guide for public comment.
Here are some key points:
An effective anonymization process seeks to reduce the...more
Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a...more
A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They...more
The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements...more
I spoke this week on Usercentrics’ Tech That Talks program, taking look at personalized ad targeting and the future of cookies.
Among the issues we discussed:...more
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity.
Key Points-
•Given...more