While appointing and registering a DPO has been mandatory in China for many years, a portal has now finally been established for organisations to register those DPOs with the China data protection authority. This resolves...more
On October 7, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on obligations following from the use of processors and sub-processors (the “Opinion”). The EDPB is the body that seeks to ensure harmonised...more
New rules just took effect in Brazil regulating international data transfers, and employers doing business in the country must take note. Covered data processing agents – such as companies in Brazil that transfer data to...more
Scope of the Regulation - On August 23, 2024, the Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19/2024 (the “Regulation”), which addresses international transfers of personal data....more
The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
The UK government set out its detailed proposals for data protection reform on 18 July 2022 in the form of the Data Protection and Digital Information Bill. Compared with some of the radical ideas in the 2021 public...more
Last week we raised our hands to inform you about the Spanish Data Protection Authority’s approval of the "Code of Conduct on the processing of personal data in the field of clinical trials and other clinical research as well...more
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
Following the outbreak of COVID-19 and its development into a global pandemic, organizations have been implementing exceptional measures to safeguard the health of employees, customers and others. Organizations are also...more
Following the outbreak of COVID-19 and its development into a global pandemic, organizations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...more
On January 17, The Belgian Data Protection Authority (DPA) published Recommendation no 01/2020 providing Guidance on direct marketing. The Recommendation provides a methodology on how to comply with the General Data...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
BB&K's Christina Morgan Talks About Data Privacy in Riverside Lawyer Magazine - Due to rising concerns about privacy in the digital world, in April 2016, the European Union adopted the General Data Protection Regulation...more
Data scraping is a technique where information on one platform is exported onto another. The practice is widespread and is used for all sort of reasons, like market analysis or advertising. The kind of information located and...more
Global corporations will soon have another privacy law acronym to address. In one year (August 2020), Brazil will join the fray with its own general privacy law, the Lei Geral de Proteção de Dados Pessaoais (General Data...more
The Belgian Data Protection Authority holds that a Data Protection Officer (DPO) may not himself/herself delete personal information of a data subject. Doing so constitutes a violation of the General Data Protection...more
It has been rough weather for Google in France. Three weeks after the French ?Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande...more
Forget me yes. The Danish data protection authority has published a practical guide on data minimization and the right of erasure under GDPR: If you use “soft delete,” a link is deleted but not the personal information...more
On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR. As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your...more
Last month, the French data protection authority (the CNIL) issued initial guidance addressing issues that applications utilizing blockchain technology should consider in order to comply with the European General Data...more
On May 25, 2018, the European Union (“EU”) will implement the most robust regulation of privacy data that the digital world has ever seen—commonly known as the General Data Protection Regulation, or “GDPR.” The GDPR is the...more
As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at curia.europa.eu by searching on...more