California Attorney General Xavier Becerra issued an alert reminding consumers of their data privacy rights amid the COVID-19 public health emergency.
This included a specific reference to CCPA and the rights granted under...more
Coronavirus and Data Protection guidance from the Catalan Data Protection Authority:
•Under Articles 6.1.(e) and 9.2.(i) GDPR, health authorities may share health data when this is needed for reasons of public interest in...more
The Czech Republic’s Data Protection Authority, Urad pro Ochranu Osobnich Udaju, provides its guidance on GDPR and COVID-19:
•Public health authorities are authorized to process personal data to the extent and for the...more
After many data protection authorities (in the European Union and beyond) provided guidance and FAQ's on the relationship between COVID-19 (Coronavirus) and data protection laws (e.g. GDPR), the European Data Protection Board...more
Coronavirus and GDPR , the Spanish AEPD weighs in:
•Data protection should not be used to hinder or limit the effectiveness of the measures taken by authorities in the fight against the pandemic.
•Consent may not be...more
Tell me, don’t sell me, the GDPR version.
The Dutch Data Protection Authority (AP) has imposed a fine of 525,000 euros on tennis association KNLTB for selling personal data without proper consent....more
Ireland’s Data Protection Commission has published guidance on data security.
Key Takeaways-
The most effective means of mitigating the risk of lost or stolen personal data is not to hold the data in the first place....more
The European Data Protection Board has published draft guidelines for public comment on the data protection aspects of connected vehicles.
Key takeaways:
The Relevant Players-
Non exhaustive list of stakeholders: vehicle...more
2/12/2020
/ Connected Cars ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Draft Guidance ,
Driverless Cars ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
The United Kingdom's Information Commissioner's Office has updated its guidance on Special Category Data (Article 9 General Data Protection Regulation). Key takeaways:
Genetic Data-
Genetic analysis that includes enough...more
The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).
Key changes:
(1) GDPR can apply extraterritorially to some...more
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
11/14/2019
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
“Regulators ordered China’s app developers and third-party service providers to halt illegal collection and use of personal data in a sweep targeting some of the country’s largest apps,” reports TechNode.com....more
The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.
Key takeaways:
You need to develop, embed and maintain a culture of data protection in your processing activities, with...more
The UK’s Information Commissioner’s Office has issued an opinion on the use of Live Facial Recognition technology by law enforcement.
Key takeaways:
The use of Live Facial Recognition (LFR) involves processing of...more
The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:
Failure to execute Article 28 data processing agreements with its service providers....more
Privacy Shield lives to shield another year (Part 1).
The European Commission has published its third annual report on Privacy Shield....more
The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR....more
A local Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA:
The right of access under GDPR is a...more
The Singapore Personal Data Protection Commission has issued guidance on privacy disclosures:
Highlight information that may be of particular concern to individuals, such as purposes of use or situations where personal...more
Consent is not needed for the transfer of personal data from Canada to other countries, says the Canadian Office of the Privacy Commissioner.
Following a consultation on transfers of personal information for processing,...more
The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR:
Examples of joint controllers:
1.If two companies jointly organize a competition in which the name and address are...more
Do I have to disclose documents with confidential internal correspondence, and comments from my staff as part of a GDPR data subject access request? The Court of The Hague says “Yes, you do.”...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place?
Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
“Since the [EU US Privacy Shield] Framework’s implementation on August 1, 2016, more than 5,000 companies have made public and legally enforceable pledges to protect data transferred from the EU in accordance with the Privacy...more
Under the Bahrain Personal Data Protection Law (PDPL), which came into effect on August 1, 2019, organizations need to obtain consent from customers in order to collect, process, store and use their personal information for...more