Privacy Compliance Journey Series: Scope of the Law and Notification Requirements

26/03/2021


Privacy Compliance Journey Series: Scope of the Law and Notification Requirements

How to assess whether a privacy law applies to an organization? How to deal with notification requirements? You can find the answers to those questions in this article.


Continue Reading
Singapore PDPC Issues a Guide to Job Redesign in the Age of AI

31/12/2020


Singapore PDPC Issues a Guide to Job Redesign in the Age of AI

In collaboration with the Lee Kuan Yew Centre for Innovative Cities, Singapore University of Technology and Design, the Infocomm Media Development Authority (IMDA) and the Personal Data Protection Commission have released Singapore’s first guide that helps companies manage AI’s impact on employees, and prepare for the future of work.


Continue Reading
ICO Publishes New Data Sharing Code of Practice

25/12/2020


ICO Publishes New Data Sharing Code of Practice

The Information Commissioner’s Office has published its Data Sharing Code of Practice on 17 December. The code, and the hub of new resources, provides practical advice to businesses and organisations on how to carry out responsible data sharing.


Continue Reading
Irish Data Protection Commission Fined Twitter Over a Data Breach

18/12/2020


Irish Data Protection Commission Fined Twitter Over a Data Breach

The Data Protection Commission has imposed an administrative fine of €450,000 on Twitter. The draft decision in this inquiry, having been submitted to other Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through the Article 65 (“dispute resolution”) process since the introduction of the GDPR and was the first Draft Decision in a “big tech” case on which all EU supervisory authorities were consulted as Concerned Supervisory Authorities.


Continue Reading
Amazon Europe Core Fined 35 Million Euros for not Complying with Cookie Rules

11/12/2020


Amazon Europe Core Fined 35 Million Euros for not Complying with Cookie Rules

The CNIL has fined Amazon Europe Core 35 million euros for placing advertising cookies on users' computers on the amazon.fr site without prior consent and for not informing them about cookies properly.


Continue Reading
DISH Network Settles with the Department of Justice over Telemarketing Violations

11/12/2020


DISH Network Settles with the Department of Justice over Telemarketing Violations

The Department of Justice has announced a settlement in which DISH Network LLC will pay $126 million in civil penalties to the United States in violation of the Federal Trade Commission's Telemarketing Sales Rule and $84 million to four states for violations of the Telephone Consumer Protection Act, for a total settlement of $210 million.


Continue Reading
Zoom Settles with FTC after Deceiving Users About its Security Practices

22/11/2020


Zoom Settles with FTC after Deceiving Users About its Security Practices

The Federal Trade Commission announced on 9th November, a settlement with Zoom Video Communications, that will require the company to implement a comprehensive security program, a prohibition on privacy and security misrepresentations.


Continue Reading
ICO has fined Ticketmaster UK Limited £1.25million over a data breach

17/11/2020


ICO has fined Ticketmaster UK Limited £1.25million over a data breach

The Information Commissioner's Office found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page. Ticketmaster’s failure to protect customer information is a breach of the General Data Protection Regulation (GDPR).


Continue Reading
Overview of the European Commission Draft of Standard Contractual Clauses Between Controllers and Processors  Located in the EU

14/11/2020


Overview of the European Commission Draft of Standard Contractual Clauses Between Controllers and Processors Located in the EU

The European Commission (EC) has adopted the new standard contractual Clauses between controllers and processor located in the EU open for public feedback until December 10, 2020.


Continue Reading
The EDPB Guidelines on Article 25 Data Protection by Design and by Default

28/10/2020


The EDPB Guidelines on Article 25 Data Protection by Design and by Default

The European Data Protection Board has published the final version of the Guidelines on Article 25 Data Protection by Design and by Default.


Continue Reading
Spanish Data Protection Authority Has Issued Guidelines for Data Protection by Default

27/10/2020


Spanish Data Protection Authority Has Issued Guidelines for Data Protection by Default

Spanish Data Protection Authority (Agencia Española de Protección de Datos or “AEPD”) has issued its Guidelines on data protection by default.


Continue Reading
The ICO report on Investigation into Data Protection Compliance in the Direct Marketing Data Broking Sector

27/10/2020


The ICO report on Investigation into Data Protection Compliance in the Direct Marketing Data Broking Sector

The UK Information Commissioner’s Office has issued its report on the investigation into the offline marketing services of the data broking industry and, in particular, the activities of the UK’s three largest credit reference agencies Experian Limited, Equifax Limited, and the relevant entities within the TransUnion group of companies (TransUnion International UK Limited and Callcredit Marketing Limited).


Continue Reading
Summary of the ICO Guidance on the Right of Access

27/10/2020


Summary of the ICO Guidance on the Right of Access

The UK Information Commissioner’s Office has issued new detailed Guidance on the Right of Access. The previous Subject Access Code of Practice had been issued under the previous Data Protection Act and the ICO has announced it will be updated.


Continue Reading
Facebook’s Custom Audience - is Facebook a Processor

25/10/2020


Facebook’s Custom Audience - is Facebook a Processor

This Article will analyze the relationship between Facebook and a targeter - third party who is targeting their customers through Facebook’s Custom Audience feature.


Continue Reading
CNIL Recommendations on the Prevention and Remediation of SQL Injections

10/10/2020


CNIL Recommendations on the Prevention and Remediation of SQL Injections

Securing an information system is essential to guarantee that the customers’ personal data is not stolen or compromised. SQL injection is a widespread attack, which can cause serious harm to individuals. It can allow a remote control of the server or installing a keylogger. The CNIL recommends how to protect against SQL attack and what to do in the case of becoming a victim of the attack.


Continue Reading
Association of German Data Protection Authorities Issues a Paper on Employee Data Protection

05/10/2020


Association of German Data Protection Authorities Issues a Paper on Employee Data Protection

Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) has issued a paper on employee data protection outlining what employers in private sector have to take into account when processing employee personal data.


Continue Reading
ICO Consultation on the Draft Statutory Guidance

02/10/2020


ICO Consultation on the Draft Statutory Guidance

The UK Information Commissioner’s Office (ICO) is running a consultation about an updated version of the Statutory guidance on how the ICO will exercise its data protection regulatory functions of information notices, assessment notices, enforcement notices and penalty notices. This consultation closes on November 12, 2020


Continue Reading
Summary of the Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S.Data Transfers after Schrems II

29/09/2020


Summary of the Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S.Data Transfers after Schrems II

The U.S. Government has prepared the White Paper, which outlines the robust limits and safeguards in the United States pertaining to government access to data.


Continue Reading
CNIL - COVID-19 reminder on the collection of personal data by employers

24/09/2020


CNIL - COVID-19 reminder on the collection of personal data by employers

The CNIL, French Data Protection Authority, has issued a reminder to all employers to adhere to certain principles when processing personal data in the context of the COVID-19 pandemic.


Continue Reading
Singapore Personal Data Protection Commission Update

22/09/2020


Singapore Personal Data Protection Commission Update

The Personal Data Protection Commission has published its new Guide to Managing Data Intermediaries and its Personal Data Protection Digest 2020.


Continue Reading
European Commission - Ethics of Connected and Automated Vehicles

21/09/2020


European Commission - Ethics of Connected and Automated Vehicles

The European Commission has issued a report on Ethics of Connected and Automated Vehicles - Recommendations on road safety, privacy, fairness, explainability and responsibility. It contains 20 recommendations concerning the future development and use of connected and automated vehicles.


Continue Reading
The European Parliament Paper on Schrems 2

21/09/2020


The European Parliament Paper on Schrems 2

The European Parliament has prepared a document on Schrems 2 decision to its Members, to assist them in their parliamentary work.


Continue Reading
The UK Information Commissioner’s Office Has Introduced the Accountability Framework

14/09/2020


The UK Information Commissioner’s Office Has Introduced the Accountability Framework

The UK Information Commissioner’s Office has published its Accountability Framework which can help organizations to comply with data protection laws.


Continue Reading
The Office of the Comptroller of the Currency Assesses $80 Million Civil Money Penalty Against Capital One

08/08/2020


The Office of the Comptroller of the Currency Assesses $80 Million Civil Money Penalty Against Capital One

The Office of the Comptroller (OCC) has issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A. and mandated them to strengthen their compliance programme by appointing a compliance committee and developing comprehensive action plan to comply with the order. This decision is the result of failing to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner. In taking this action, the OCC positively considered the bank's customer notification and remediation efforts


Continue Reading