"Monsters Inc." y el tratamiento de los datos
Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more
On October 24, 2024, the Irish Data Protection Commission (DPC) issued a press release announcing its EUR 310 million fine of LinkedIn over the platform’s use of member personal data in breach of the EU’s General Data...more
In today's digital era, the volume of electronic data generated by organizations is staggering. For law firms conducting due diligence, managing this data while ensuring compliance with stringent data privacy regulations is a...more
Challenges may arise when conducting an internal investigation related to an underlying disclosure by a whistleblower pursuant to the EU Directive, because companies must strictly comply with the GDPR. Failure to comply with...more
Alla luce del recente provvedimento dell’Autorità Garante per la Protezione dei Dati Personali Francese, la Commission nationale de l'informatique et des libertés (“Garante” o “CNIL”), riportiamo di seguito un’analisi del...more
2023 continues to be a busy year for European data protection authorities. Following its release of the Irish Data Protection Commission’s (DPC’s) binding decisions in cases against Facebook and Instagram, the European Data...more
On January 19, the Irish Data Protection Commission (DPC) announced the conclusion of an inquiry into the data processing practices of a U.S.-based messaging service’s Ireland operations and fined the messaging service €5.5...more
Connecticut Passes the Fifth US State Consumer Privacy Law - The Connecticut governor has formally signed and passed An Act Concerning Personal Data Privacy and Online Monitoring (CPDA), making this law the fifth US state...more
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer. But in the processor-sub-processor data processing agreement, the data processor reserves the right to disclose...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more
A new consumer privacy bill in Colorado will give Colorado consumers the right to opt out of the processing of their personal data and to request that personal data be corrected or deleted. Passage of the bill makes...more
On June 10, 2021, the Standing Committee of the 13th National People's Congress passed the long awaited People's Republic of China (China) Data Security Law ("DSL") after a final read of the third draft. The DSL, which takes...more
The European Commission’s decision of 4 June 2021 finalises the new SCCs for transferring personal data from the EEA. After invalidation of the Privacy Shield by Europe’s top court, many businesses came to rely upon...more
The EDPB issued an opinion on the draft Standard Contractual Clauses (SCC) for a controller-processor data processing agreement under Article 28 (Data Processing Agreements) submitted by the Lithuanian supervisory authority. ...more
Keypoint: The Colorado bill mirrors the Virginia Consumer Data Protection Act and Washington Privacy Act but contains some notable differences. On March 19, 2021, Colorado lawmakers introduced the Colorado Privacy Act...more
The data protection authority of the German state of Baden-Wurttemberg issued a guidance for European Union data exporters in the wake of the Schrems II decision by the Court of Justice of the European Union (CJEU), which...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
Clinical trials have become increasingly important for pharmaceutical companies and medical device manufacturers, which are focused on collecting as much data as possible on products and devices and their adverse effects. All...more
We are now over a year on from the major changes made to the European data protection regime by the GDPR so it is time to revisit what the changes mean now for the hospitality sector and investment in it, given increased...more
The EDPB’s new Guidelines on Article 6(1)(b) may severely limit e-commerce business’ ability to enhance data processing by unilaterally defining contractual services....more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
New law passed on the adaptation of German data protection law to the GDPR - Following the amendment of the Federal Data Protection Act ("BDSG") in 2017, on 27 June 2019 the German Bundestag passed a second act to adapt...more
Why does this topic matter to organisations? Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
Why does this topic matter to organisations? The Data Protection Principles provide the conditions on which an organisation is permitted to process personal data. If an organisation cannot satisfy the Data Protection...more