Luxembourg-
Employers should NOT:
•require that employees communicate to them daily a statement of their body temperature or fill out medical sheets or questionnaires
•have visitors or other external persons sign a...more
France’s Data Processing Authority CNIL weighs in on Coronavirus and GDPR.
Employers should NOT:
•Collect in a systematic and generalized manner, or through individual inquiries and requests, information relating to the...more
Italy, which is currently dealing with the most serious COVID-19 outbreak in Europe, weighs in on health data and GDPR .
Employers should NOT:
•systematically collect (e.g. through specific requests to employees or...more
The European Data Protection Board has published draft guidelines for public comment on the data protection aspects of connected vehicles.
Key takeaways:
The Relevant Players-
Non exhaustive list of stakeholders: vehicle...more
2/12/2020
/ Connected Cars ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Draft Guidance ,
Driverless Cars ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
Speak to me in algorithms.
The European Data Protection Board (EDPB) has issued a letter on the appropriateness of the GDPR as a legal framework to protect citizens from unfair algorithms....more
1.Yes, CCPA can apply to you even if you have no physical presence in California.
2.Yes, if you have done some GDPR compliance you are in better shape for CCPA.
3.No, your GDPR compliance work is NOT sufficient for CCPA...more
The United Kingdom's Information Commissioner's Office has issued, for public consultation, draft guidance on the right of access under the General Data Protection Regulation (GDPR).
Key takeaways:
To Prepare for a Data...more
The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day two of the event....more
The United Kingdom's Information Commissioner's Office has updated its guidance on Special Category Data (Article 9 General Data Protection Regulation). Key takeaways:
Genetic Data-
Genetic analysis that includes enough...more
The Spanish AEPD has published guidelines on patient health data protection.
The guidelines track the requirements of GDPR as applicable to patient data including the obligation to provide adequate disclosure under Article...more
The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).
Key changes:
(1) GDPR can apply extraterritorially to some...more
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
11/14/2019
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.
The search function suggested certain search suggestions automatically including the complainant’s name....more
The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.
Key takeaways:
You need to develop, embed and maintain a culture of data protection in your processing activities, with...more
According to the NewEurope newspaper, “Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.”...more
The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR.
Key takeaways on what constitutes “legitimate”:
The interest needs to be pursuant to a written or...more
The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA...more
The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance...more
The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:
Failure to execute Article 28 data processing agreements with its service providers....more
The European Data Protection Board (EDPB) has issued final guidelines on the General Data Protection Resolution's (GDPR) legal basis of "Necessary for the Performance of a Contract" (Article 6(1)(b)....more
The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR....more
On the heels of the Planet49 decision, the Spanish data protection authority AEPD has fined Vueling Airlines €30,000 (reduced to €18,000 for payment in full) for failure to provide a compliant cookie disclosure/consent under...more
A local Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA:
The right of access under GDPR is a...more
The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR:
Examples of joint controllers:
1.If two companies jointly organize a competition in which the name and address are...more
The Danish Data Protection Authority has changed its position regarding the legal basis for posting pictures online under the General Data Protection Regulation (GDPR). Rather than a distinction between "situational" and...more