The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
11/14/2019
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
In a complaint, the Federal Trade Commission alleges that between January 2017 and October 2018, RagingWire Data Centers, Inc. claimed in its online privacy policy that the company participated in the Privacy Shield framework...more
The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.
The search function suggested certain search suggestions automatically including the complainant’s name....more
The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA...more
Google Analytics is in the crossfire in Germany.
The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service...more
Three proposed amendments to the California Consumer Privacy Act were themselves amended on September 6. Here is a summary of the major changes, with links to the current version of each proposed amendment:
Until 1/1/2021...more
Web crawling and data protection: CNIL has issued a 180,000 EUR fine against a provider of automobile insurance policies for failure to adequately protect data in violation of GDPR, specifically citing disallowing web...more
The European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further....more
Analytics cookies in the crossfire.
Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance.
CNIL – Set list of terms to qualify for an exemption from the need to obtain consent....more
The French privacy regulator CNIL has released guidance on how to comply with the European Union’s General Data Protection Regulation (GDPR) when using cookies and other web tracking technologies that are an integral part of...more
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all...more
Milk, meat, fruits, breads … and data protection.
These are the new food groups for your M&A deal.
Just 24 hours after the notice of intent to fine British Airways 183 Million GBP, the UK ICO issued an intent to fine...more
7/10/2019
/ Acquisitions ,
British Airways ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Due Diligence ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Popular ,
UK
If you wait for them, the big General Data Protection Regulation (GDPR) fines will come.
UK Data protection authority, ICO, announced its intent to fine British Airways 183 million GBP (1.5 percent of annual revenue) for a...more
7/9/2019
/ British Airways ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
The Swedish Data Protection Authority has initiated an inquiry into how song streaming provider Spotify handles data access requests....more
Why Covered Entities and Business Associates Cannot Ignore the New California Data Privacy Law-
The California Consumer Privacy Act (CCPA) applies to a wide range of for-profit businesses that collect the personal...more
The California Consumer Privacy Act (CCPA), which takes effect in 2020, has been dubbed “GDPR-Lite” or “California GDPR” because it shares many concepts and compliance obligations with the EU General Data Protection...more
5/9/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete
The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties.
A good data protection policy...more
EDPB on the ePrivacy Directive and GDPR:
In situations where the ePrivacy Directive renders more specific the rules of the GDPR, the provisions of the ePrivacy Directive take precedence over the provisions of the GDPR....more
The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, will take effect in 2020. The law includes detailed disclosure requirements, provides individuals with...more
3/13/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action
Thailand’s Parliament passed the Personal Data Protection Act, a bill created to offer citizens similar protections to the EU General Data Protection Regulation.
The data protection law, effective after a one-year transition...more
Sorta, kinda, immutable.
Turns out the blockchain CAN get hacked, and changed.
In the blockchain, a miner who somehow gains control of a majority of the network’s mining power (a so-called “51% attack”) can defraud other...more
Will the California Consumer Privacy Act serve as a blueprint for a federal privacy law or for a patchwork quilt of state privacy laws?
As states have been commencing legislative proceedings and as proposals for a federal...more
“As California goes, so goes the nation,” said Vermont Attorney General T.J. Donovan.
A group of state attorneys general said Wednesday that they are looking to California for guidance and following how the country’s most...more
Clinical trials and the EU General Data Protection Regulation (GDPR): The European Data Protection Board (EDPB) has issued a much-awaited opinion on the legal basis for processing clinical trial data....more
The IAPP: International Association of Privacy Professionals, reports on Spain’s new GDPR implementation law, which provides clarity to some gray areas.
Highlights include: -
The data processor may address a data subject’s...more