“Clear is kind. Unclear is unkind,” according to author Brené Brown.
A joint opinion from the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) on the European Union’s proposed digital...more
If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision.
No transfer. No worries. TIA anyway...more
U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.
Some of the bill’s key differentiators from CCPA, CDPA and CPA:...more
Data Protection Commission Ireland has issued a report on the responses it received to its public consultation on its guidance on children’s rights.
Of particular note is the careful consideration the commission gave the...more
The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”
Here are some key takeaways:...more
Helen Dixon, Ireland’s Data Protection Commissioner, gave the keynote speech during the closing session of the International Association of Privacy Professionals’ Data Protection Congress in Brussels.
Here are a few of...more
U.S. Representative Cathy McMorris Rodgers, the Republican leader of the House Energy and Commerce Committee, and U.S. Representative Gus Bilirakis, the Republican leader for the Consumer Protection and Commerce Subcommittee,...more
The U.K.’s Information Commissioner’s Office (ICO) has responded to the U.K.’s Department for Digital, Culture, Media and Sport’s (DCMS) “Data: Unlimited” initiative...more
While presenting this week at the DRI Cybersecurity and Data Privacy Virtual Seminar, I outlined many of the issues currently impacting data security around the world.
Here are some key points:.....more
10/27/2021
/ Cookies ,
Data Privacy ,
Data Security ,
Do Not Sell ,
EU ,
European Commission ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Internet Service Providers (ISPs) ,
Web Tracking ,
WhatsApp
The Credit Bureau Association of South Africa has issued a code of conduct for the processing of credit information under the Protection of Personal Information Act, No.4 of 2013 (POPIA)...more
The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de...more
Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a...more
A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They...more
Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium.
•Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés...more
Ireland’s Data Protection Commission has imposed a fine of €225 million (more than $267 million) on WhatsApp, a popular messaging app owned by Facebook.
Here are some key takeaways for companies subject to GDPR:.....more
And the cookie continues to crumble.
NOYB has filed 422 complaints with ten EU data protection authorities. The move came after it sent written warnings and draft complaints to more than 500 companies on May 31, 2021...more
What are practical lessons learned from the $85 million Zoom settlement?
•You can have big ticket enforcement dollars even without GDPR or CCPA.
•When you integrate a third party feature – including via a Software...more
Children’s data isn’t child’s play.
If you have a product or service that collects information from children, you should:
•Be transparent. No, really. And figure out the best ways to be transparent for kids, which...more
I spoke this week on Usercentrics’ Tech That Talks program, taking look at personalized ad targeting and the future of cookies.
Among the issues we discussed:...more
Maybe someone is reading them after all? European Commission opens for consultation its report of the sector inquiry into consumer internet of things (IoT) devices...more
The EDPB issued an opinion on the draft Standard Contractual Clauses (SCC) for a controller-processor data processing agreement under Article 28 (Data Processing Agreements) submitted by the Lithuanian supervisory authority....more
6/1/2021
/ Cross-Border Transactions ,
Data Breach ,
Data Controller ,
Data Processing Rules ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Right to Delete ,
Software ,
Standard Contractual Clauses ,
Third-Party
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity.
Key Points-
•Given...more
The Spanish data protection authority AEPD fined Equifax 1 million Euros for processing publicly available personal data unlawfully in violation of the purpose limitation, data minimization and other General Data Protection...more
First we take Sacramento, then we take Berlin: How do US data protection laws affect how you do business.
The webinar is aimed at in-house or outside counsel, as well as data protection and compliance officers. In this...more
4/28/2021
/ Adtech ,
Analytics ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Chief Compliance Officers ,
Consumer Privacy Rights ,
Cookies ,
COPPA ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Sellers ,
Do Not Sell ,
E-Commerce ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multinationals ,
OEM ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
State Privacy Laws ,
Suppliers ,
Third-Party Service Provider ,
Webinars
Colorado has introduced the “Colorado Privacy Act” bill (SB21-190).
Key things to note:
•Recital notes that the “EU GDPR is emerging as a model for countries across the globe in data privacy.” ...more