"Monsters Inc." y el tratamiento de los datos
Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more
On October 24, 2024, the Irish Data Protection Commission (DPC) issued a press release announcing its EUR 310 million fine of LinkedIn over the platform’s use of member personal data in breach of the EU’s General Data...more
2023 continues to be a busy year for European data protection authorities. Following its release of the Irish Data Protection Commission’s (DPC’s) binding decisions in cases against Facebook and Instagram, the European Data...more
When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales....more
Keypoint: The Colorado bill mirrors the Virginia Consumer Data Protection Act and Washington Privacy Act but contains some notable differences. On March 19, 2021, Colorado lawmakers introduced the Colorado Privacy Act...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
Clinical trials have become increasingly important for pharmaceutical companies and medical device manufacturers, which are focused on collecting as much data as possible on products and devices and their adverse effects. All...more
The EDPB’s new Guidelines on Article 6(1)(b) may severely limit e-commerce business’ ability to enhance data processing by unilaterally defining contractual services....more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
Why does this topic matter to organisations? Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
Although the EU’s General Data Protection Regulation (GDPR) has been in force for more than six months, many organizations are still getting to grips with some of the practical requirements, including ensuring that their...more
NHS and social care organisations in the UK are being encouraged to take a fresh look at public cloud services given the myriad benefits of doing so. The guidance is timely given the coming into force of the GDPR in May,...more
Spoiler Alert: Behavioral advertising companies will find some bad news in the guidance. The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European...more
Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
The German Ministry of Interior affairs has published an English translation of the new Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). On 27 April 2017 the German Parliament passed the BDSG in order to make use...more
The UK Information Commissioner’s Office has just published draft guidance on consent under GDPR. This is an interesting move given that the Article 29 Working Party has promised guidance on the same topic later this year,...more