CNIL Guide on the Use of Facial Recognition at Airports

18/10/2020


CNIL Guide on the Use of Facial Recognition at Airports

Facial recognition at airports can automate and speed up moving of passengers by replacing the control of travel and identity documents. Since it carries higher risk to the rights and freedoms of individuals, the CNIL has issued a set of recommendations to consider when implementing facial recognition at airports.


Continue Reading
CNIL Recommendations on the Prevention and Remediation of SQL Injections

10/10/2020


CNIL Recommendations on the Prevention and Remediation of SQL Injections

Securing an information system is essential to guarantee that the customers’ personal data is not stolen or compromised. SQL injection is a widespread attack, which can cause serious harm to individuals. It can allow a remote control of the server or installing a keylogger. The CNIL recommends how to protect against SQL attack and what to do in the case of becoming a victim of the attack.


Continue Reading
Association of German Data Protection Authorities Issues a Paper on Employee Data Protection

05/10/2020


Association of German Data Protection Authorities Issues a Paper on Employee Data Protection

Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) has issued a paper on employee data protection outlining what employers in private sector have to take into account when processing employee personal data.


Continue Reading
CNIL Publishes Amended Guidelines and Recommendations on Cookies and Other Tracers

02/10/2020


CNIL Publishes Amended Guidelines and Recommendations on Cookies and Other Tracers

The CNIL has adopted amending guidelines as well as a recommendation on the use of cookies and other tracers. The deadline for compliance with the new is end of March 2021 at the latest.


Continue Reading
The Hamburg Commissioner for Data Protection and Freedom of Information Has Issued 35.3 Million Euros Fine to Hennes and Mauritz

02/10/2020


The Hamburg Commissioner for Data Protection and Freedom of Information Has Issued 35.3 Million Euros Fine to Hennes and Mauritz

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a fine of 35,258,707.95 Euros against H&M Hennes & Mauritz Online Shop A.B. & Co KG. The company is registered in Hamburg and operates a service center in Nuremberg.


Continue Reading
ICO Consultation on the Draft Statutory Guidance

02/10/2020


ICO Consultation on the Draft Statutory Guidance

The UK Information Commissioner’s Office (ICO) is running a consultation about an updated version of the Statutory guidance on how the ICO will exercise its data protection regulatory functions of information notices, assessment notices, enforcement notices and penalty notices. This consultation closes on November 12, 2020


Continue Reading
Summary of the Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S.Data Transfers after Schrems II

29/09/2020


Summary of the Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S.Data Transfers after Schrems II

The U.S. Government has prepared the White Paper, which outlines the robust limits and safeguards in the United States pertaining to government access to data.


Continue Reading
Premera Blue Cross Settles HIPAA Violation

29/09/2020


Premera Blue Cross Settles HIPAA Violation

The U.S. Department of Health and Human Services has announce that Premera Blue Cross had agreed to pay $6.85 million to the Office for Civil Rights at the HHS and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules related to a breach affecting over 10.4 million people.


Continue Reading
CNIL - COVID-19 reminder on the collection of personal data by employers

24/09/2020


CNIL - COVID-19 reminder on the collection of personal data by employers

The CNIL, French Data Protection Authority, has issued a reminder to all employers to adhere to certain principles when processing personal data in the context of the COVID-19 pandemic.


Continue Reading
Singapore Personal Data Protection Commission Update

22/09/2020


Singapore Personal Data Protection Commission Update

The Personal Data Protection Commission has published its new Guide to Managing Data Intermediaries and its Personal Data Protection Digest 2020.


Continue Reading
European Commission - Ethics of Connected and Automated Vehicles

21/09/2020


European Commission - Ethics of Connected and Automated Vehicles

The European Commission has issued a report on Ethics of Connected and Automated Vehicles - Recommendations on road safety, privacy, fairness, explainability and responsibility. It contains 20 recommendations concerning the future development and use of connected and automated vehicles.


Continue Reading
The European Parliament Paper on Schrems 2

21/09/2020


The European Parliament Paper on Schrems 2

The European Parliament has prepared a document on Schrems 2 decision to its Members, to assist them in their parliamentary work.


Continue Reading
The UK Information Commissioner’s Office Has Introduced the Accountability Framework

14/09/2020


The UK Information Commissioner’s Office Has Introduced the Accountability Framework

The UK Information Commissioner’s Office has published its Accountability Framework which can help organizations to comply with data protection laws.


Continue Reading
The European Data Protection Board Has Published Guidelines on the Targeting of Social Media Users

09/09/2020


The European Data Protection Board Has Published Guidelines on the Targeting of Social Media Users

The European Data Protection Board has published Guidelines 08/2020 on the targeting of social media users version for public consultation. Comments should be sent by October 19, 2020.


Continue Reading
The European Data Protection Board Has Published Guidelines on the Concepts of Controller and Processor Version for Public Consultation

09/09/2020


The European Data Protection Board Has Published Guidelines on the Concepts of Controller and Processor Version for Public Consultation

The European Data Protection Board has published Guidelines 07/2020 on the concepts of controller and processor in the GDPR version for public consultation. Comments should be sent by October 19, 2020.


Continue Reading
The Irish Data Protection Commission Publishes Guidance Relating to Third Parties Accidentally in Receipt of Personal Data Relating to Other Individuals

06/09/2020


The Irish Data Protection Commission Publishes Guidance Relating to Third Parties Accidentally in Receipt of Personal Data Relating to Other Individuals

The Irish Data Protection Commission has issued Guidance to individuals and organizations who accidentally receive personal data, and Guidance to controllers who lose control over personal data in those circumstances.


Continue Reading
CNIL Controls Charter: Understand Everything

03/09/2020


CNIL Controls Charter: Understand Everything

The CNIL, French Data Protection Authority, has published its new Control Charter which contains information on how CNIL enforces GDPR and the Data Protection Act. The CNIL has several missions and powers, including the possibility of controlling and sanctioning organizations.


Continue Reading
Comparison of the New Zealand Privacy Acts

03/09/2020


Comparison of the New Zealand Privacy Acts

The Office of the New Zealand Privacy Commissioner has issued a detailed table comparing the Privacy Act 1993 with the Privacy Act 2020.


Continue Reading
The UK Age Appropriate Design Code Comes into Force

02/09/2020


The UK Age Appropriate Design Code Comes into Force

The Information Commissioner’s Office code requiring organisations to provide better online privacy protections for children comes into force today, on September 02, 2020.


Continue Reading
Eight Organisations in Breach of the Singaporean Personal Data Protection Act

30/08/2020


Eight Organisations in Breach of the Singaporean Personal Data Protection Act

The Singaporean Personal Data Protection Commission announced on August 03, 2020 that eight organisations were found in breach of the Personal Data Protection Act.


Continue Reading
The Office of the Privacy Commissioner of Canada new Privacy Guide for Businesses

26/08/2020


The Office of the Privacy Commissioner of Canada new Privacy Guide for Businesses

The Office of the Privacy Commissioner of Canada (OPC) has published the new Privacy Guide for Businesses. The Guide provides the summary of the PIPEDA and an overview of the CASL. It also addresses important points when dealing with data breaches and provides information on how to obtain a meaningful consent.


Continue Reading
Irish Data Protection Commission Triggers the Dispute Resolution Mechanism

21/08/2020


Irish Data Protection Commission Triggers the Dispute Resolution Mechanism

For the first time since the GDPR came into force, a matter has been referred to the European Data Protection Board (EDPB) to adopt the binding decision under Article 65 of the GDPR. In May 2020, the Irish Data Protection Commission (DPC) has submitted the draft decision in relation to a statutory inquiry it has completed into Twitter, to other concerned Supervisory Authorities for their opinions and views.


Continue Reading
The OAIC Notifiable Data Breaches Report: January–June 2020

11/08/2020


The OAIC Notifiable Data Breaches Report: January–June 2020

The Office of the Australian Information Commissioner has issued the Notifiable Data Breaches Report for the period from January to June 2020. The Commissioner, Angelene Falk, has said that malicious or criminal attacks including cyber incidents remain the leading cause of data breaches involving personal information in Australia.


Continue Reading
The Office of the Comptroller of the Currency Assesses $80 Million Civil Money Penalty Against Capital One

08/08/2020


The Office of the Comptroller of the Currency Assesses $80 Million Civil Money Penalty Against Capital One

The Office of the Comptroller (OCC) has issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A. and mandated them to strengthen their compliance programme by appointing a compliance committee and developing comprehensive action plan to comply with the order. This decision is the result of failing to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner. In taking this action, the OCC positively considered the bank's customer notification and remediation efforts


Continue Reading
The ICO has issued the Guidance on AI and Data Protection

08/08/2020


The ICO has issued the Guidance on AI and Data Protection

The UK Information Commissioner’s Office (ICO) has issued the Guidance on AI and data protection (Guidance). It provides a framework for auditing AI, focusing on best practices for data protection compliance. It provides a clear methodology to audit AI applications and ensure they process personal data fairly – something ICO has highlighted as the key challenge for artificial intelligence processing personal data.


Continue Reading
Spanish Data Protection Authority Has Issued an Update on Cookies Guidelines

02/08/2020


Spanish Data Protection Authority Has Issued an Update on Cookies Guidelines

Spanish Data Protection Authority, Agencia española de protección de datos (AEPD), has updated its Cookies Guidelines.


Continue Reading
Summary of the Frequently Asked Questions on the judgment of the Court of Justice of the European Union in the Schrems 2 Case

25/07/2020


Summary of the Frequently Asked Questions on the judgment of the Court of Justice of the European Union in the Schrems 2 Case

The European Data Protection Board (EDPB) has issued answers to the questions they have received from the EU data protection authorities (DPAs) about the Schrems 2 case. In essence, the EDPB follows the position of the CJEU. If you are still unclear on what to do in the days after the CJEU decision this short summary of the FAQs can help.


Continue Reading
The CJEU Decision on the Privacy Shield and Standard Contractual Clauses

22/07/2020


The CJEU Decision on the Privacy Shield and Standard Contractual Clauses

The Court of Justice of the European Union (CJEU) has invalidated the EU-US Privacy Shield Framework and found that Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries are valid. This was the outcome of the CJEU decision C-311/18 – Facebook Ireland and Schrems issued on July 16th 2020.


Continue Reading
Google Contact Tracing App Forces Users to Turn On Location Settings

21/07/2020


Google Contact Tracing App Forces Users to Turn On Location Settings

When Google and Apple have announced that they had been developing contact tracing app in which users’ privacy and security will be central to the design, government across the world used the code to develop contact tracing apps and they have been downloaded more than 20 million times. They have said that they will ban the use of the of location tracking in the apps and they will focus on the use of Bluetooth technology.


Continue Reading
The UK Information Commissioner's Office 2019-2020 Annual Report

20/07/2020


The UK Information Commissioner's Office 2019-2020 Annual Report

The UK Information Commissioner's Office has published it 2019-2020 annual report. It covers a key period in data protection and broader information rights. The report is split into three sections: the performance report, the accountability report and it is concluded with the ICO's financial statements .


Continue Reading
New Zealand’s Office of the Privacy Commissioner's Newsletter, July 9th 2020

20/07/2020


New Zealand’s Office of the Privacy Commissioner's Newsletter, July 9th 2020

New Zealand’s Office of the Privacy Commissioner (OPC) has issued the new bi-weekly newsletter. It contains the news about the Privacy Act 2020, recent privacy survey, the new Privacy Act 2020 e-learning module, details of the Commissioner’s promotions of the new Privacy Act and the schedule of the Simply Privacy workshops.


Continue Reading