The European Data Protection Board (EDPB) has issued its much anticipated FAQs on the Court of Justice of the European Union's (CJEU) Schrems II decision. This document does not yet contain the "supplementary measures" that...more
Spanish data protection authority Agencia Española de Protección de Datos (AEPD) has published helpful guidelines on the data protection aspects of using mobile apps intended to control access to places of business while the...more
To extend or not to extend?
AB 1281, extending the employee and B2B exemptions for the California Consumer Privacy Act, has been amended in the California Senate.
Previously a bill dealing with limitations on facial...more
The IAPP – International Association of Privacy Professionals provides a helpful infographic on questions to ask concerning data collected when performing COVID-19 testing.....more
A group of Republican U.S. senators plan to introduce legislation to protect user privacy in relation to contact-tracing apps used to combat the spread of COVID-19.
“While the severity of the COVID-19 health crisis cannot...more
California Attorney General Xavier Becerra issued an alert reminding consumers of their data privacy rights amid the COVID-19 public health emergency.
This included a specific reference to CCPA and the rights granted under...more
Coronavirus and Data Protection guidance from the Catalan Data Protection Authority:
•Under Articles 6.1.(e) and 9.2.(i) GDPR, health authorities may share health data when this is needed for reasons of public interest in...more
The Czech Republic’s Data Protection Authority, Urad pro Ochranu Osobnich Udaju, provides its guidance on GDPR and COVID-19:
•Public health authorities are authorized to process personal data to the extent and for the...more
After many data protection authorities (in the European Union and beyond) provided guidance and FAQ's on the relationship between COVID-19 (Coronavirus) and data protection laws (e.g. GDPR), the European Data Protection Board...more
Coronavirus and GDPR , the Spanish AEPD weighs in:
•Data protection should not be used to hinder or limit the effectiveness of the measures taken by authorities in the fight against the pandemic.
•Consent may not be...more
Tell me, don’t sell me, the GDPR version.
The Dutch Data Protection Authority (AP) has imposed a fine of 525,000 euros on tennis association KNLTB for selling personal data without proper consent....more
Ireland’s Data Protection Commission has published guidance on data security.
Key Takeaways-
The most effective means of mitigating the risk of lost or stolen personal data is not to hold the data in the first place....more
The European Data Protection Board has published draft guidelines for public comment on the data protection aspects of connected vehicles.
Key takeaways:
The Relevant Players-
Non exhaustive list of stakeholders: vehicle...more
2/12/2020
/ Connected Cars ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Draft Guidance ,
Driverless Cars ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
The United Kingdom's Information Commissioner's Office has updated its guidance on Special Category Data (Article 9 General Data Protection Regulation). Key takeaways:
Genetic Data-
Genetic analysis that includes enough...more
The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).
Key changes:
(1) GDPR can apply extraterritorially to some...more
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
11/14/2019
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
“Regulators ordered China’s app developers and third-party service providers to halt illegal collection and use of personal data in a sweep targeting some of the country’s largest apps,” reports TechNode.com....more
The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.
Key takeaways:
You need to develop, embed and maintain a culture of data protection in your processing activities, with...more
The UK’s Information Commissioner’s Office has issued an opinion on the use of Live Facial Recognition technology by law enforcement.
Key takeaways:
The use of Live Facial Recognition (LFR) involves processing of...more
The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:
Failure to execute Article 28 data processing agreements with its service providers....more
Privacy Shield lives to shield another year (Part 1).
The European Commission has published its third annual report on Privacy Shield....more
The UK’s Information Commissioner’s Office shares its thoughts on the complexity of producing or deleting data used to train machine learning algorithms in data subject requests under GDPR....more
A local Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA:
The right of access under GDPR is a...more
The Singapore Personal Data Protection Commission has issued guidance on privacy disclosures:
Highlight information that may be of particular concern to individuals, such as purposes of use or situations where personal...more
Consent is not needed for the transfer of personal data from Canada to other countries, says the Canadian Office of the Privacy Commissioner.
Following a consultation on transfers of personal information for processing,...more