EDPB and EDPS Joint Opinion 1/2021

20/01/2021


EDPB and EDPS Joint Opinion 1/2021

The European Data Protection Board and the European Data Protection Supervisor have adopted a joint opinion on the European Commission Implementing Decision on Standard Contractual Clauses Between Controllers and Processors. The aim is to ensure consistency and a correct application of Article 28 GDPR as regards the presented Draft SCCs that could serve as standard contractual clauses in compliance with Article 28 (7) Regulation (EU) 2016/679 and Article 29 (7) Regulation (EU) 2018/1725 .


Continue Reading
ICO Publishes New Data Sharing Code of Practice

25/12/2020


ICO Publishes New Data Sharing Code of Practice

The Information Commissioner’s Office has published its Data Sharing Code of Practice on 17 December. The code, and the hub of new resources, provides practical advice to businesses and organisations on how to carry out responsible data sharing.


Continue Reading
ICO has fined Ticketmaster UK Limited £1.25million over a data breach

17/11/2020


ICO has fined Ticketmaster UK Limited £1.25million over a data breach

The Information Commissioner's Office found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page. Ticketmaster’s failure to protect customer information is a breach of the General Data Protection Regulation (GDPR).


Continue Reading
Overview of the European Commission Draft of Standard Contractual Clauses Between Controllers and Processors  Located in the EU

14/11/2020


Overview of the European Commission Draft of Standard Contractual Clauses Between Controllers and Processors Located in the EU

The European Commission (EC) has adopted the new standard contractual Clauses between controllers and processor located in the EU open for public feedback until December 10, 2020.


Continue Reading
The EDPB Guidelines on Article 25 Data Protection by Design and by Default

28/10/2020


The EDPB Guidelines on Article 25 Data Protection by Design and by Default

The European Data Protection Board has published the final version of the Guidelines on Article 25 Data Protection by Design and by Default.


Continue Reading
Spanish Data Protection Authority Has Issued Guidelines for Data Protection by Default

27/10/2020


Spanish Data Protection Authority Has Issued Guidelines for Data Protection by Default

Spanish Data Protection Authority (Agencia Española de Protección de Datos or “AEPD”) has issued its Guidelines on data protection by default.


Continue Reading
The ICO report on Investigation into Data Protection Compliance in the Direct Marketing Data Broking Sector

27/10/2020


The ICO report on Investigation into Data Protection Compliance in the Direct Marketing Data Broking Sector

The UK Information Commissioner’s Office has issued its report on the investigation into the offline marketing services of the data broking industry and, in particular, the activities of the UK’s three largest credit reference agencies Experian Limited, Equifax Limited, and the relevant entities within the TransUnion group of companies (TransUnion International UK Limited and Callcredit Marketing Limited).


Continue Reading
Summary of the ICO Guidance on the Right of Access

27/10/2020


Summary of the ICO Guidance on the Right of Access

The UK Information Commissioner’s Office has issued new detailed Guidance on the Right of Access. The previous Subject Access Code of Practice had been issued under the previous Data Protection Act and the ICO has announced it will be updated.


Continue Reading
Facebook’s Custom Audience - is Facebook a Processor

25/10/2020


Facebook’s Custom Audience - is Facebook a Processor

This Article will analyze the relationship between Facebook and a targeter - third party who is targeting their customers through Facebook’s Custom Audience feature.


Continue Reading
Association of German Data Protection Authorities Issues a Paper on Employee Data Protection

05/10/2020


Association of German Data Protection Authorities Issues a Paper on Employee Data Protection

Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) has issued a paper on employee data protection outlining what employers in private sector have to take into account when processing employee personal data.


Continue Reading
The Hamburg Commissioner for Data Protection and Freedom of Information Has Issued 35.3 Million Euros Fine to Hennes and Mauritz

02/10/2020


The Hamburg Commissioner for Data Protection and Freedom of Information Has Issued 35.3 Million Euros Fine to Hennes and Mauritz

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a fine of 35,258,707.95 Euros against H&M Hennes & Mauritz Online Shop A.B. & Co KG. The company is registered in Hamburg and operates a service center in Nuremberg.


Continue Reading
European Commission - Ethics of Connected and Automated Vehicles

21/09/2020


European Commission - Ethics of Connected and Automated Vehicles

The European Commission has issued a report on Ethics of Connected and Automated Vehicles - Recommendations on road safety, privacy, fairness, explainability and responsibility. It contains 20 recommendations concerning the future development and use of connected and automated vehicles.


Continue Reading
The European Parliament Paper on Schrems 2

21/09/2020


The European Parliament Paper on Schrems 2

The European Parliament has prepared a document on Schrems 2 decision to its Members, to assist them in their parliamentary work.


Continue Reading
The UK Information Commissioner’s Office Has Introduced the Accountability Framework

14/09/2020


The UK Information Commissioner’s Office Has Introduced the Accountability Framework

The UK Information Commissioner’s Office has published its Accountability Framework which can help organizations to comply with data protection laws.


Continue Reading
Irish Data Protection Commission Triggers the Dispute Resolution Mechanism

21/08/2020


Irish Data Protection Commission Triggers the Dispute Resolution Mechanism

For the first time since the GDPR came into force, a matter has been referred to the European Data Protection Board (EDPB) to adopt the binding decision under Article 65 of the GDPR. In May 2020, the Irish Data Protection Commission (DPC) has submitted the draft decision in relation to a statutory inquiry it has completed into Twitter, to other concerned Supervisory Authorities for their opinions and views.


Continue Reading