The Network Advertising Initiative (NAI), an industry trade group that develops self-regulatory standards for online advertising, has released its Precise Location Information Solution Provider Voluntary Enhanced Standards.
The new standards restrict the use, sale, or transfer of location data correlating to Sensitive Points of Interest, which include places tied to…Continue Reading The NAI’s Precise Location Information Solution Provider Voluntary Enhanced Standards: What You Need to Know
Plaintiffs have filed a wave of consumer litigation against website owners/operators alleging violations of state…Continue Reading Understanding the 9th Circuit’s Recent Ruling on Session Replay Software
The Health Insurance Portability and Accountability Act of 1996 may be the most well-known privacy…Continue Reading HIPAA Covers a Lot Less Than People Think. But Beware of Other US Privacy Laws.
Does vehicle service data for services performed on a vehicle while owned by a previous…Continue Reading Does Vehicle Service Data “Relate to an Identifiable Individual?” Finland DPA Says It’s Complicated
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce…Continue Reading If You Don’t Want It Released to an Employee, Don’t Put It in Your Employee Files
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer.
But in the processor-sub-processor data processing agreement, the data…Continue Reading Where Is a Transfer? Datatilsynet Says Almost Everywhere!
Datatilsynet Norway has issued a helpful guide on the data protection aspects of employee monitoring, which are helpful for GDPR, but also for California employers with CPRA bringing employee rights…Continue Reading What Employers Need to Know About Monitoring Employee E-Mail
What can we learn about disclosures and how to draft privacy notices from the Sweden IMY decision? And why is it important for both GDPR companies and CPRA, CDPA, CPA…Continue Reading Clear & Concise and Everything Nice: What the IMY Decision Means for Your Privacy Notice
Here are five things you should know about Google Analytics, transfers and Schrems II.
1. Down to Middle Earth We Go
Brush up on your J.R.R. Tolkien because Datatilsynet in…
The United Kingdom’s Information Commissioner’s Office has issued draft guidance regarding governance and anonymization.
What does it mean for GDPR and for the host of new US Privacy laws, including…Continue Reading Anonymization Governance: Why It’s Important for GDPR and for CPRA
Many EU companies have their own ideas on what US Privacy laws mean for the, Here are three of the more common myths out there, busted.
I don’t…Continue Reading Busted: Three Myths EU Companies Have About US Privacy laws
The supplemental measures adopted by Google to regulate data transfers within the framework of the Google Analytics functionality are not sufficient to exclude the possibility of access by American intelligence…Continue Reading No Google Analytics for You, Part Trois
The UK’s Information Commissioner’s Office (ICO) has issued guidance on pseudonymisation.
Here are some key points:
What is it?
At a basic level, pseudonymisation starts with a single input (the…Continue Reading Mi Pseudonym Es Su Pseudonym: ICO Issues Guidance on Pseudonymisation