The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day one of the event....more
The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).
Key changes:
(1) GDPR can apply extraterritorially to some...more
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
11/14/2019
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.
Key takeaways:
You need to develop, embed and maintain a culture of data protection in your processing activities, with...more
The European Commission expects the U.S. Department of Commerce (DoC) to request from companies evidence of the privacy provisions of the relevant contracts with third parties to assess compliance with the onward transfer...more
Privacy Shield lives to shield another year (Part 1).
The European Commission has published its third annual report on Privacy Shield....more
The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Resolution's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b)....more
The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR....more
The Court of Justice of the European Union has issued its Planet 49 decision.
Key takeaways:
A pre-checked check box is not sufficient consent for the placement of cookies....more
A Facebook “like” is actually more like “in a [Joint Controller] relationship” status, says the Court of Justice of the EU in a long awaited decision in the Fashion ID matter.
At issue: The legal framework surrounding...more
The European Data Protection Board (EDPB) publishes it’s first annual report and reveals a road map for guidance to come.
In 2019 and 2020, the EDPB aims to focus on data subjects’ rights, the concept of the controller and...more
The European Data Protection Board has issued guidance on the use of video surveillance.
Key takeaways:
The monitoring purposes of cameras should be documented in writing....more
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all...more
The European Data Protection Board has issued an opinion on lead supervisory authority in the event of a change of location of the main establishment of an organization....more
The European Data Protection Board’s addressed some interesting issues during its 12th Plenary Session on July 9 and 10:
Guidelines on how the GDPR applies to the processing of personal data when using video devices....more
Milk, meat, fruits, breads … and data protection.
These are the new food groups for your M&A deal.
Just 24 hours after the notice of intent to fine British Airways 183 Million GBP, the UK ICO issued an intent to fine...more
7/10/2019
/ Acquisitions ,
British Airways ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Due Diligence ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Popular ,
UK
If you wait for them, the big General Data Protection Regulation (GDPR) fines will come.
UK Data protection authority, ICO, announced its intent to fine British Airways 183 million GBP (1.5 percent of annual revenue) for a...more
7/9/2019
/ British Airways ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
“The game-changing rules [of GDPR] have not only made Europe fit for the digital age, they have also become a global reference point,” say Andrus Ansip, Vice-President for the Digital Single Market and Vera Jourová,...more
Danish data protection authority Datatilsynet has ordered a bus company to explain, by July 15, how it will amend its IT systems to allow for compliance with the right to rectification (correction) under GDPR and provide a...more
“Privacy policies … have evolved from … largely factual statements to become, nowadays, either long, verbose and impenetrable legalese, or else vague and soothing PR exercises. Either approach places the burden on the...more
“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the...more
“This call may be recorded for training purposes…if you consent say ‘Consent’.”
The Danish Data Protection Authority (Datatilsynet) has ordered a company to cease recording phone calls for training purposes until it...more
The European Data Protection Board (EDPB) has issued draft guidelines on the GDPR legal basis of “necessary for the performance of a contract”....more
The European Parliament weighs in on data brokers and data processing in the context of elections in a published answer to a parlimentary question.
“Data brokers may act as controllers or processors depending on the degree...more
How has GDPR enforcement played out in the past year?
The Dutch Data Protection Authority (Autoriteitpersoonsgegevens, or AP) recently published a report on its 2018 activities....more