04/05/2021
This article provides a summary of the Guide to undertaking privacy impact assessments. The 10 steps which every organization needs to consider when undertaking a PIA are outlined in more detail in this article.
20/01/2021
The European Data Protection Board and the European Data Protection Supervisor have adopted a joint opinion on the European Commission Implementing Decision on Standard Contractual Clauses Between Controllers and Processors. The aim is to ensure consistency and a correct application of Article 28 GDPR as regards the presented Draft SCCs that could serve as standard contractual clauses in compliance with Article 28 (7) Regulation (EU) 2016/679 and Article 29 (7) Regulation (EU) 2018/1725 .
31/12/2020
In collaboration with the Lee Kuan Yew Centre for Innovative Cities, Singapore University of Technology and Design, the Infocomm Media Development Authority (IMDA) and the Personal Data Protection Commission have released Singapore’s first guide that helps companies manage AI’s impact on employees, and prepare for the future of work.
25/12/2020
The Italian Date Protection Authority (Garante Per La Protezione Dei Dati Personali) – Garante has launched a public consultation on the rules for the use of cookies and similar technologies.
25/12/2020
The Information Commissioner’s Office has published its Data Sharing Code of Practice on 17 December. The code, and the hub of new resources, provides practical advice to businesses and organisations on how to carry out responsible data sharing.
18/12/2020
The Data Protection Commission has imposed an administrative fine of €450,000 on Twitter. The draft decision in this inquiry, having been submitted to other Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through the Article 65 (“dispute resolution”) process since the introduction of the GDPR and was the first Draft Decision in a “big tech” case on which all EU supervisory authorities were consulted as Concerned Supervisory Authorities.
11/12/2020
On December 7, 2020, the CNIL fined Google LLC and Google Ireland Limited with a total fine of 100 million euros, in particular for deploying advertising cookies on the google.fr visitors’ devices without prior consent and for not meeting transparency requirements.
11/12/2020
The CNIL has fined Amazon Europe Core 35 million euros for placing advertising cookies on users' computers on the amazon.fr site without prior consent and for not informing them about cookies properly.
11/12/2020
New Zealand Privacy Act 2020 came into force on December 1, 2020 granting the Privacy Commissioner greater powers to ensure organisations and businesses comply with the Act.
11/12/2020
The Department of Justice has announced a settlement in which DISH Network LLC will pay $126 million in civil penalties to the United States in violation of the Federal Trade Commission's Telemarketing Sales Rule and $84 million to four states for violations of the Telephone Consumer Protection Act, for a total settlement of $210 million.
23/11/2020
The CNIL provides answers to the most frequent questions concerning remote working and reiterates certain principles common to the labour law and the GDPR.
22/11/2020
The proposed amendments to the Personal Data Protection Act to address Singapore’s evolving digital economy needs, and related amendments to the Spam Control Act, were passed in the Parliament on 2 November 2020.
22/11/2020
The Federal Trade Commission announced on 9th November, a settlement with Zoom Video Communications, that will require the company to implement a comprehensive security program, a prohibition on privacy and security misrepresentations.
19/11/2020
Abu Dhabi Global Market has announced that its new Data Protection Regulations is open for public consultation until December 19.
17/11/2020
The Information Commissioner's Office found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page. Ticketmaster’s failure to protect customer information is a breach of the General Data Protection Regulation (GDPR).
The European Commission (EC) has adopted the new standard contractual Clauses between controllers and processor located in the EU open for public feedback until December 10, 2020.
10/11/2020
The The Information Commissioner’s Office has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.
07/11/2020
The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.
28/10/2020
The European Data Protection Board has published the final version of the Guidelines on Article 25 Data Protection by Design and by Default.
27/10/2020
Spanish Data Protection Authority (Agencia Española de Protección de Datos or “AEPD”) has issued its Guidelines on data protection by default.
27/10/2020
The UK Information Commissioner’s Office has issued its report on the investigation into the offline marketing services of the data broking industry and, in particular, the activities of the UK’s three largest credit reference agencies Experian Limited, Equifax Limited, and the relevant entities within the TransUnion group of companies (TransUnion International UK Limited and Callcredit Marketing Limited).
27/10/2020
The UK Information Commissioner’s Office has issued new detailed Guidance on the Right of Access. The previous Subject Access Code of Practice had been issued under the previous Data Protection Act and the ICO has announced it will be updated.
18/10/2020
Facial recognition at airports can automate and speed up moving of passengers by replacing the control of travel and identity documents. Since it carries higher risk to the rights and freedoms of individuals, the CNIL has issued a set of recommendations to consider when implementing facial recognition at airports.
10/10/2020
Securing an information system is essential to guarantee that the customers’ personal data is not stolen or compromised. SQL injection is a widespread attack, which can cause serious harm to individuals. It can allow a remote control of the server or installing a keylogger. The CNIL recommends how to protect against SQL attack and what to do in the case of becoming a victim of the attack.
05/10/2020
Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) has issued a paper on employee data protection outlining what employers in private sector have to take into account when processing employee personal data.
02/10/2020
The CNIL has adopted amending guidelines as well as a recommendation on the use of cookies and other tracers. The deadline for compliance with the new is end of March 2021 at the latest.
02/10/2020
The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a fine of 35,258,707.95 Euros against H&M Hennes & Mauritz Online Shop A.B. & Co KG. The company is registered in Hamburg and operates a service center in Nuremberg.
02/10/2020
The UK Information Commissioner’s Office (ICO) is running a consultation about an updated version of the Statutory guidance on how the ICO will exercise its data protection regulatory functions of information notices, assessment notices, enforcement notices and penalty notices. This consultation closes on November 12, 2020
29/09/2020
The U.S. Government has prepared the White Paper, which outlines the robust limits and safeguards in the United States pertaining to government access to data.
29/09/2020
The U.S. Department of Health and Human Services has announce that Premera Blue Cross had agreed to pay $6.85 million to the Office for Civil Rights at the HHS and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules related to a breach affecting over 10.4 million people.
24/09/2020
The CNIL, French Data Protection Authority, has issued a reminder to all employers to adhere to certain principles when processing personal data in the context of the COVID-19 pandemic.
22/09/2020
The Personal Data Protection Commission has published its new Guide to Managing Data Intermediaries and its Personal Data Protection Digest 2020.
21/09/2020
The European Commission has issued a report on Ethics of Connected and Automated Vehicles - Recommendations on road safety, privacy, fairness, explainability and responsibility. It contains 20 recommendations concerning the future development and use of connected and automated vehicles.
21/09/2020
The European Parliament has prepared a document on Schrems 2 decision to its Members, to assist them in their parliamentary work.
14/09/2020
The UK Information Commissioner’s Office has published its Accountability Framework which can help organizations to comply with data protection laws.
09/09/2020
The European Data Protection Board has published Guidelines 08/2020 on the targeting of social media users version for public consultation. Comments should be sent by October 19, 2020.
09/09/2020
The European Data Protection Board has published Guidelines 07/2020 on the concepts of controller and processor in the GDPR version for public consultation. Comments should be sent by October 19, 2020.
06/09/2020
The Irish Data Protection Commission has issued Guidance to individuals and organizations who accidentally receive personal data, and Guidance to controllers who lose control over personal data in those circumstances.
03/09/2020
The CNIL, French Data Protection Authority, has published its new Control Charter which contains information on how CNIL enforces GDPR and the Data Protection Act. The CNIL has several missions and powers, including the possibility of controlling and sanctioning organizations.
03/09/2020
The Office of the New Zealand Privacy Commissioner has issued a detailed table comparing the Privacy Act 1993 with the Privacy Act 2020.
02/09/2020
The Information Commissioner’s Office code requiring organisations to provide better online privacy protections for children comes into force today, on September 02, 2020.
30/08/2020
The Singaporean Personal Data Protection Commission announced on August 03, 2020 that eight organisations were found in breach of the Personal Data Protection Act.
26/08/2020
The Office of the Privacy Commissioner of Canada (OPC) has published the new Privacy Guide for Businesses. The Guide provides the summary of the PIPEDA and an overview of the CASL. It also addresses important points when dealing with data breaches and provides information on how to obtain a meaningful consent.
21/08/2020
For the first time since the GDPR came into force, a matter has been referred to the European Data Protection Board (EDPB) to adopt the binding decision under Article 65 of the GDPR. In May 2020, the Irish Data Protection Commission (DPC) has submitted the draft decision in relation to a statutory inquiry it has completed into Twitter, to other concerned Supervisory Authorities for their opinions and views.
11/08/2020
The Office of the Australian Information Commissioner has issued the Notifiable Data Breaches Report for the period from January to June 2020. The Commissioner, Angelene Falk, has said that malicious or criminal attacks including cyber incidents remain the leading cause of data breaches involving personal information in Australia.
08/08/2020
The Office of the Comptroller (OCC) has issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A. and mandated them to strengthen their compliance programme by appointing a compliance committee and developing comprehensive action plan to comply with the order. This decision is the result of failing to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner. In taking this action, the OCC positively considered the bank's customer notification and remediation efforts
08/08/2020
The UK Information Commissioner’s Office (ICO) has issued the Guidance on AI and data protection (Guidance). It provides a framework for auditing AI, focusing on best practices for data protection compliance. It provides a clear methodology to audit AI applications and ensure they process personal data fairly – something ICO has highlighted as the key challenge for artificial intelligence processing personal data.
02/08/2020
Spanish Data Protection Authority, Agencia española de protección de datos (AEPD), has updated its Cookies Guidelines.
25/07/2020
The European Data Protection Board (EDPB) has issued answers to the questions they have received from the EU data protection authorities (DPAs) about the Schrems 2 case. In essence, the EDPB follows the position of the CJEU. If you are still unclear on what to do in the days after the CJEU decision this short summary of the FAQs can help.
22/07/2020
The Court of Justice of the European Union (CJEU) has invalidated the EU-US Privacy Shield Framework and found that Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries are valid. This was the outcome of the CJEU decision C-311/18 – Facebook Ireland and Schrems issued on July 16th 2020.
21/07/2020
When Google and Apple have announced that they had been developing contact tracing app in which users’ privacy and security will be central to the design, government across the world used the code to develop contact tracing apps and they have been downloaded more than 20 million times. They have said that they will ban the use of the of location tracking in the apps and they will focus on the use of Bluetooth technology.
20/07/2020
The UK Information Commissioner's Office has published it 2019-2020 annual report. It covers a key period in data protection and broader information rights. The report is split into three sections: the performance report, the accountability report and it is concluded with the ICO's financial statements .
20/07/2020
New Zealand’s Office of the Privacy Commissioner (OPC) has issued the new bi-weekly newsletter. It contains the news about the Privacy Act 2020, recent privacy survey, the new Privacy Act 2020 e-learning module, details of the Commissioner’s promotions of the new Privacy Act and the schedule of the Simply Privacy workshops.
