Spotlight on adequate/reasonable protections to personal information – Part 1 – France.
CNIL fined a real estate company 400,000 EUR for failure to implement adequate protections to personal data in violation of GDPR....more
“The game-changing rules [of GDPR] have not only made Europe fit for the digital age, they have also become a global reference point,” say Andrus Ansip, Vice-President for the Digital Single Market and Vera Jourová,...more
The European Data Protection Report’s first annual report on GDPR, “1 Year GDPR — Taking Stock,” shows public awareness of the European Union’s data protection regime is growing....more
The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.
Key takeaways:
Before using a development tool, especially for personal data, read the...more
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR....more
“The right to be forgotten does not apply in principle to medical records. However, as a patient, you may ask your health care provider to remove data from your medical record,” according to the Dutch Data Protection...more
The California Consumer Privacy Act (CCPA), which takes effect in 2020, has been dubbed “GDPR-Lite” or “California GDPR” because it shares many concepts and compliance obligations with the EU General Data Protection...more
5/9/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete
Danish data protection authority Datatilsynet has ordered a bus company to explain, by July 15, how it will amend its IT systems to allow for compliance with the right to rectification (correction) under GDPR and provide a...more
“Privacy policies … have evolved from … largely factual statements to become, nowadays, either long, verbose and impenetrable legalese, or else vague and soothing PR exercises. Either approach places the burden on the...more
The Finnish Data Protection Authority has ordered a company to modify its automated practices for assessing creditworthiness.
The authority held that the Credit Decision Service in the company’s online environment is an...more
Enforcement is coming – says CNIL, the French Data Protection Authority.
CNIL published its enforcement priorities for 2019. CNIL will no longer refrain from enforcing new obligations imposed by GDPR, but it will continue...more
The GDPR that stole communion…
Some schools in Ireland have been banning photographs at communion, citing GDPR.
The Irish Data Protection Commission clarified in a guidance titled “Taking Photos at School Events: Where...more
The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties.
A good data protection policy...more
“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the...more
“This call may be recorded for training purposes…if you consent say ‘Consent’.”
The Danish Data Protection Authority (Datatilsynet) has ordered a company to cease recording phone calls for training purposes until it...more
The European Data Protection Board (EDPB) has issued draft guidelines on the GDPR legal basis of “necessary for the performance of a contract”....more
“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham.
Denham said companies must understand the...more
The European Parliament weighs in on data brokers and data processing in the context of elections in a published answer to a parlimentary question.
“Data brokers may act as controllers or processors depending on the degree...more
How has GDPR enforcement played out in the past year?
The Dutch Data Protection Authority (Autoriteitpersoonsgegevens, or AP) recently published a report on its 2018 activities....more
The California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) apply even to companies with fewer than 250 employees… but they may not know it yet.
A recent study reveals that “Company size...more
GDPR Data minimization in action. Danish Data Protection Authority (Datatilsynet) finds cab company Taxa 4×35’s records retention practices in violation of the GDPR data minimization principle.
The cab company removed names...more
GDPR right of access applies in the work context too.
Four Uber drivers from London, Nottingham and Glasgow claim Uber has breached their rights by failing to disclose personal data the firm holds on them in breach of the...more
EDPB on the ePrivacy Directive and GDPR:
In situations where the ePrivacy Directive renders more specific the rules of the GDPR, the provisions of the ePrivacy Directive take precedence over the provisions of the GDPR....more
GDPR does NOT:
prohibit a hairdresser from telling a customer what hair color they used on their hair -
prevent the fire department from telling a property management company whether there had been a fire in one of its...more
Data protection and political campaigns – European Data Protection Board (EDPB) issues a statement.
Key points:
Personal data revealing political opinions is a special category of data under the GDPR, and, in most...more