Please take note!
1.SchremsII and cross border transfers: Risk based, wherefore art thou? With the Google Analytics, Google Fonts, Amazon AWS, Google Workspace other cases, the SchremsII and DPA guidance is piling up....more
9/30/2022
/ Biometric Information Privacy Act ,
California Privacy Rights Act (CPRA) ,
Cookies ,
Cross Border Privacy Rules (CBPR) ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
International Data Transfers ,
Privacy Laws ,
Schrems I & Schrems II
What does the Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case of Meta vs. the German Bundeskartellamt tell us regarding the scope of what constitutes “sensitive information,” “contractual...more
Does vehicle service data for services performed on a vehicle while owned by a previous owner belong to the new owner and need to be provided as part of a GDPR Access request?...more
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce it as part of an employee’s Data Subject Access Request (DSAR), it shouldn’t be...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more
The European Union is gearing up to regulate AI, but what is the U.S. doing?
•There are new Federal algorithmic transparency bills being filed:
•The Algorithmic Accountability Act of 2022, introduced by Senator Ron Wyden...more
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer.
But in the processor-sub-processor data processing agreement, the data processor reserves the right to disclose...more
The European Commission has issued a public call for evidence in connection with access to vehicle data, functions and resources pursuant to the proposal for the Data Act....more
What can we learn about disclosures and how to draft privacy notices from the Sweden IMY decision and why is it important for both GDPR companies and CPRA, CDPA, CPA and UCPA companies:...
...more
Many EU companies have their own ideas on what US Privacy laws mean for the, Here are three of the more common myths out there, busted.
Myth 1:
I don’t have physical presence in the US so the laws don’t apply to me....more
Here is a handy checklist from Luxembourg’s Commission Nationale pour la Protection des Données (CNPD) regarding your Data Protection Officer (DPO) compliance...more
A few days before the Austria DSB decision, the European Data Protection Supervisor (EDPS) issued a decision on the use of Google Analytics by the European Parliament.
For Schrems II: EDPS says “if you don’t have any...more
For vehicle data, GDPR is just the beginning, the German Brandenburg regional government said in a Q&A. Stay tuned for the Data Governance Act.
Here are some key points:
•Vehicle manufacturers have to observe GDPR when...more
The German Data Protection Conference (DSK) issued guidance on the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (‘TTDSG’), which went into effect on December 1, 2021...more
12/30/2021
/ Consent ,
Cookies ,
Data Protection ,
Data Storage ,
Data Transfers ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Internet of Things ,
Opt-Outs ,
Popular ,
Telecommunications
“Clear is kind. Unclear is unkind,” according to author Brené Brown.
A joint opinion from the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) on the European Union’s proposed digital...more
If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision.
No transfer. No worries. TIA anyway...more
Data Protection Commission Ireland has issued a report on the responses it received to its public consultation on its guidance on children’s rights.
Of particular note is the careful consideration the commission gave the...more
The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”
Here are some key takeaways:...more
While presenting this week at the DRI Cybersecurity and Data Privacy Virtual Seminar, I outlined many of the issues currently impacting data security around the world.
Here are some key points:.....more
10/27/2021
/ Cookies ,
Data Privacy ,
Data Security ,
Do Not Sell ,
EU ,
European Commission ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Internet Service Providers (ISPs) ,
Web Tracking ,
WhatsApp
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US...more
Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a...more
It’s time for a new agreement on transatlantic data flows, according to the U.S. Chamber of Commerce.
“The U.S. and EU must work together to swiftly finalize a new EU-U.S. Privacy Shield agreement that brings legal...more
A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They...more
The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements...more
Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium.
•Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés...more