U.S. Representative Cathy McMorris Rodgers, the Republican leader of the House Energy and Commerce Committee, and U.S. Representative Gus Bilirakis, the Republican leader for the Consumer Protection and Commerce Subcommittee,...more
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US...more
The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de...more
The United Kingdom’s Information Commissioner’s Office has released the second chapter in its anonymization guide for public comment.
Here are some key points:
An effective anonymization process seeks to reduce the...more
Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a...more
A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They...more
The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements...more
I spoke this week on Usercentrics’ Tech That Talks program, taking look at personalized ad targeting and the future of cookies.
Among the issues we discussed:...more
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity.
Key Points-
•Given...more
The Spanish data protection authority AEPD fined Equifax 1 million Euros for processing publicly available personal data unlawfully in violation of the purpose limitation, data minimization and other General Data Protection...more
Even in the absence of a cross-border transfer of personal data from the European Union to a third country, if you are using a vendor that has a U.S. parent company, get ready to implement supplementary measures, says the...more
3/22/2021
/ Corporate Counsel ,
Cross-Border ,
Encryption ,
EU ,
International Data Transfers ,
Parent Corporation ,
Personal Data ,
Risk Assessment ,
Schrems I & Schrems II ,
Sensitive Personal Information ,
Third-Party
An Arizona bill relating to personal data (HB 2865) was reintroduced on February 11, 2021 in the Arizona House of Representatives and passed its second reading on February 15, 2021...more
The United Kingdom’s Information Commissioner’s Office published its action plan for 2021.
Areas of focus include:
•the Age Appropriate Design Code
•data sharing.
•data broking,...more
Norway’s Datatilsynet does not mince words in its Brexit guidance:
“On 31 December 2020, the Brexit transition period will end. This means, among other things, that anyone who transfers personal data to the United Kingdom...more
How does GDPR apply to the transfer of personal data from an EU entity to an international organization?
“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the...more
A new post-Schrems II transfer solution for cloud services?
The EU Cloud Code of Conduct General Assembly, creators of the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer...more
“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data...more
Key principles
Definitions-
•Aggregated data and de-identified data: Uses definitions similar to that in the California Consumer Privacy Act (CCPA) requiring a public commitment not to re-identify and contractual...more
The European Data Protection Supervisor has issued guidance on data protection and body temperature taking.
Key takeaways:
•Basic body temperature checks designed to measure body temperature only, operated manually and...more
Poland’s Data Protection Authority UODO weighs in on “employee of the month” postings in the workplace.
•The employer may, under certain conditions, display the best performance results in the workplace, based on his...more
Leaders of key U.S. Senate and House committees wrote to the U.S. Secretary of Commerce and the Chairman of the Federal Trade Commission asking that they work closely and expeditiously with their European counterparts to...more
•The Bailiwick of Guernsey’s Office of Data Protection Authority has stated its position on #SchremsII: You must invest resources into ensuring appropriate safeguards are in place.
•Identify if you have been relying on the...more
Germany’s Datenschutzkonferenz (DSK) issues its guidance on Shrems II:
•The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately...
...more
The European Data Protection Board (EDPB) has issued its much anticipated FAQs on the Court of Justice of the European Union's (CJEU) Schrems II decision. This document does not yet contain the "supplementary measures" that...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more