"Monsters Inc." y el tratamiento de los datos
Just over one year after the Colorado Privacy Act Rules took effect, the Colorado Attorney General’s Office filed a set of proposed draft amendments that, if implemented, would significantly modify the Rules to reflect recent...more
On 3 February 2022, the French Commission Nationale de l'Informatique et des Libertés (the "CNIL") published a set of commercial management guidelines for all organizations that conduct data processing for the management of...more
The European Commission’s decision of 4 June 2021 finalises the new SCCs for transferring personal data from the EEA. After invalidation of the Privacy Shield by Europe’s top court, many businesses came to rely upon...more
The EDPB issued an opinion on the draft Standard Contractual Clauses (SCC) for a controller-processor data processing agreement under Article 28 (Data Processing Agreements) submitted by the Lithuanian supervisory authority. ...more
Virginia Governor Ralph Northam signed the Consumer Data Protection Act (the “Act”) on March 2, 2021. The following are answers to some frequently asked questions about the Act and its impact on organizations doing business...more
A few highlights from the final CCPA regulations: Service providers: Per the California Attorney General’s Final Statement of Reasons, a service provider that processes information in breach of the provisions of the...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
Why does this topic matter to organisations? Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to...more
On May 29, 2017, the French Data Protection Authority (Commission Nationale Informatique et Libertés, or "CNIL") announced that it had authorized nine banking institutions to implement, on an experimental basis,...more