The Higher Regional Court of Cologne, Germany, has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access...more
The Belgian Data Protection Authority holds that a Data Protection Officer (DPO) may not himself/herself delete personal information of a data subject.
Doing so constitutes a violation of the General Data Protection...more
The Hellenic DPA has issued an opinion regarding the appropriate legal basis for processing employee data under GDPR:
Consent should be used as the legal basis only where the other legal bases do not apply....more
A Facebook “like” is actually more like “in a [Joint Controller] relationship” status, says the Court of Justice of the EU in a long-awaited decision in the Fashion ID matter.
At issue: The legal framework surrounding...more
The European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further....more
“The decision to impose documentation requirements, rather than bright line rules, represents a significant departure from how the government traditionally aims to protect the public. It is akin to if federal regulators,...more
Big Picture Takeaways:
Facebook faces many detailed requirements for internal and external governance and oversight with extensive reporting requirements...more
7/25/2019 / Cybersecurity, Data Collection, Data Privacy, Data Protection, Data Security, Data-Sharing, Facebook, Federal Trade Commission (FTC), Fines, Personal Data, Personally Identifiable Information, Privacy Policy, Social Media
The Danish Data Protection Authority has issued guidance on the transmission of personal data via text messages (SMS).
Key takeaways:
Sending personal data by SMS is risky as it entails transmission in clear text, over...more
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all...more
If you retain personal data indefinitely, or have not given thought to your retention schedule – now may be the time to take another look.
The Danish Data Protection Authority has fined a furniture store 200,000 EUR for...more
The Federal Trade Commission (FTC) has entered into a settlement with a provider of management software for car dealerships that held personal information, including SSNs and payroll information, in cleartext, holding its...more
Spotlight on adequate/reasonable protections to personal information – Part 1 – France.
CNIL fined a real estate company 400,000 EUR for failure to implement adequate protections to personal data in violation of GDPR....more
“The game-changing rules [of GDPR] have not only made Europe fit for the digital age, they have also become a global reference point,” say Andrus Ansip, Vice-President for the Digital Single Market and Vera Jourová,...more
The French Data Protection Authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.
Key takeaways:
Before using a development tool, especially for personal data, read the...more
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR....more
The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, was passed in June 2018 and will take effect in 2020. Dubbed “GDPR Lite,” to denote its similarities...more
“The right to be forgotten does not apply in principle to medical records. However, as a patient, you may ask your health care provider to remove data from your medical record,” according to the Dutch Data Protection...more
The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties.
A good data protection policy...more
The French Data Protection Agency CNIL received 11,077 complaints in 2018, up 32.5 percent compared to 2017.
Other highlights from the CNIL 2018 report:
CNIL carried out 310 investigations in 2018, of which 204 were...more
“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the...more
How has GDPR enforcement played out in the past year?
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or AP) recently published a report on its 2018 activities....more
GDPR right of access applies in the work context too.
Four Uber drivers from London, Nottingham and Glasgow claim Uber has breached their rights by failing to disclose personal data the firm holds on them in breach of the...more
EDPB on the ePrivacy Directive and GDPR:
In situations where the ePrivacy Directive renders more specific the rules of the GDPR, the provisions of the ePrivacy Directive take precedence over the provisions of the GDPR....more
Data subject access rights and your medical practice: The UK Information Commissioner’s Office (ICO) issues advice.
Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came...more
GDPR does NOT:
prohibit a hairdresser from telling a customer what hair color they used on their hair -
prevent the fire department from telling a property management company whether there had been a fire in one of its...more