The United Kingdom’s Information Commissioner’s Office has released the second chapter in its anonymization guide for public comment.
Here are some key points:
An effective anonymization process seeks to reduce the...more
Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a...more
A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They...more
The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements...more
I spoke this week on Usercentrics’ Tech That Talks program, taking look at personalized ad targeting and the future of cookies.
Among the issues we discussed:...more
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity.
Key Points-
•Given...more
The Spanish data protection authority AEPD fined Equifax 1 million Euros for processing publicly available personal data unlawfully in violation of the purpose limitation, data minimization and other General Data Protection...more
Even in the absence of a cross-border transfer of personal data from the European Union to a third country, if you are using a vendor that has a U.S. parent company, get ready to implement supplementary measures, says the...more
3/22/2021
/ Corporate Counsel ,
Cross-Border ,
Encryption ,
EU ,
International Data Transfers ,
Parent Corporation ,
Personal Data ,
Risk Assessment ,
Schrems I & Schrems II ,
Sensitive Personal Information ,
Third-Party
An Arizona bill relating to personal data (HB 2865) was reintroduced on February 11, 2021 in the Arizona House of Representatives and passed its second reading on February 15, 2021...more
The United Kingdom’s Information Commissioner’s Office published its action plan for 2021.
Areas of focus include:
•the Age Appropriate Design Code
•data sharing.
•data broking,...more
Norway’s Datatilsynet does not mince words in its Brexit guidance:
“On 31 December 2020, the Brexit transition period will end. This means, among other things, that anyone who transfers personal data to the United Kingdom...more
How does GDPR apply to the transfer of personal data from an EU entity to an international organization?
“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the...more
A new post-Schrems II transfer solution for cloud services?
The EU Cloud Code of Conduct General Assembly, creators of the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer...more
“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data...more
Key principles
Definitions-
•Aggregated data and de-identified data: Uses definitions similar to that in the California Consumer Privacy Act (CCPA) requiring a public commitment not to re-identify and contractual...more
The European Data Protection Supervisor has issued guidance on data protection and body temperature taking.
Key takeaways:
•Basic body temperature checks designed to measure body temperature only, operated manually and...more
Poland’s Data Protection Authority UODO weighs in on “employee of the month” postings in the workplace.
•The employer may, under certain conditions, display the best performance results in the workplace, based on his...more
Leaders of key U.S. Senate and House committees wrote to the U.S. Secretary of Commerce and the Chairman of the Federal Trade Commission asking that they work closely and expeditiously with their European counterparts to...more
•The Bailiwick of Guernsey’s Office of Data Protection Authority has stated its position on #SchremsII: You must invest resources into ensuring appropriate safeguards are in place.
•Identify if you have been relying on the...more
Germany’s Datenschutzkonferenz (DSK) issues its guidance on Shrems II:
•The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately...
...more
The European Data Protection Board (EDPB) has issued its much anticipated FAQs on the Court of Justice of the European Union's (CJEU) Schrems II decision. This document does not yet contain the "supplementary measures" that...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
To extend or not to extend?
AB 1281, extending the employee and B2B exemptions for the California Consumer Privacy Act, has been amended in the California Senate.
Previously a bill dealing with limitations on facial...more
The IAPP – International Association of Privacy Professionals provides a helpful infographic on questions to ask concerning data collected when performing COVID-19 testing.....more
A group of Republican U.S. senators plan to introduce legislation to protect user privacy in relation to contact-tracing apps used to combat the spread of COVID-19.
“While the severity of the COVID-19 health crisis cannot...more