Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more
As of this writing, the CAM4 security incident remains the largest data breach in history. The attack on the website exposed nearly 11 billion records, including users' names, email addresses, sexual orientations, chat...more
The GDPR contains plenty of requirements, penalties, obligations, rights, and definitions—but it doesn’t contain a specific template for DPIAs, or data protection impact assessments. If you’re struggling to identify...more
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
On 19 February 2021, CNIL released guidance on the use of chatbots in compliance with data protection law (the Guidelines). The CNIL notes that in order to operate the chatbots, controllers will often need to process personal...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
Generally, contact tracing refers to an effort by public health officials to identify individuals with whom a patient who has tested positive for an infectious disease has been in close proximity. Public health officials will...more
The French Data Protection Authority (CNIL) published new Guidelines (French only) on December 10, 2019 applicable to whistleblowing schemes, following a public consultation process. The Guidelines replace the former Single...more
Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance. Key takeaways for controllers: General...more
The interaction between the General Data Protection Regulation (2016/679) (“GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”) has been vexing for some time now. As a...more
The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection. Key takeaways: Before using a development tool, especially for personal data, read the...more
The French Data Protection Authority (the CNIL) published its assessment of the first four months of GDPR and several guidelines, including one on how to make a GDPR compliant blockchain. ...more
Features - Updates on the GDPR and EU - German DPAs Issue DPIA Blacklists; Many Companies Likely to Be Affected - One of the GDPR’s core going-forward obligations is the duty to conduct data protection impact assessments...more
The European Union (EU) General Data Protection Regulation (GDPR) comes into effect on May 25, 2018, so in less than 60 days. While many companies have been working to ensure compliance with respect to their customer and...more
In our continuing countdown to GDPR, we take up a key element in the upcoming General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, that being the issue of the Data Protection Impact Assessment...more
Article 35 of the GDPR provides for Data Protection Impact Assessments (DPIA). According to Article 35(1) a DPIA is required when “the processing [of data] is likely to result in a high risk to the rights and freedoms of...more