Beware the unsolicited email.

UK ICO fines a pensions company £40,000 for sending nearly two million direct marketing emails without consent.

Points to note:

  • You can’t generally send marketing emails without receiving the consent of the recipient.
  • Even if you use a third-party mailer, it is your responsibility to ensure consent has been duly

Some in Congress are renewing calls for strict federal privacy protections.

“We need a privacy bill of rights, a set of protections that is no less stringent than the people of California enjoy, no less protected than the people of Europe have,” says Sen. Richard Blumenthal (D-Conn.)

Jerry Moran (R-Kan.) also cited both the California

The California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) apply even to companies with fewer than 250 employees… but they may not know it yet.

A recent study reveals that “Company size definitely influences knowledge and preparedness levels. 51 percent of the companies that had at least 250 employees felt

GDPR Data minimization in action. Danish Data Protection Authority (Datatilsynet) finds cab company Taxa 4×35’s records retention practices in violation of the GDPR data minimization principle.

The cab company removed names from records after two years. For another three years, all ride records remained, together with the person’s phone number.

Key points:

  • The removal of

GDPR right of access applies in the work context too.

Four Uber drivers from London, Nottingham and Glasgow claim Uber has breached their rights by failing to disclose personal data the firm holds on them, in breach of the right of access under Art. 15 GDPR.

The information includes:

  • Duration of time logged on to

EDPB on the ePrivacy Directive and GDPR:

  • In situations where the ePrivacy Directive renders more specific the rules of the GDPR, the provisions of the ePrivacy Directive take precedence over the provisions of the GDPR. However, any processing of personal data which is not specifically governed by the ePrivacy Directive remains subject to the provisions

Utah legislators voted unanimously to pass landmark legislation in support of a new privacy law that will protect private electronic data stored with third parties like Google or Facebook from free-range government access.

The bill stipulates that law enforcement will be required to obtain a warrant before accessing “certain electronic information or data.” There are

Data subject access rights and your medical practice.

The UK Information Commissioner’s Office (ICO) issues advice.

Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, a trend similar to that in other sectors.

  • General Practitioners (GPs) cannot query the reason for requesting

A pre-ticked checkbox is not valid consent for placing cookies under the EU ePrivacy Directive – says the Advocate General to the Court of Justice of the EU in the Planet49 case.

Other takeaways:

  • Pre-ticked box + an active “click” on “participate in lottery” is still not sufficient consent for placing cookies. For consent to

A survey shows that most companies are not yet ready for the California Consumer Privacy Act (CCPA), and this includes companies that have undergone compliance processes for the EU General Data Protection Regulation (GDPR).

CCPA is not GDPR or a subset of GDPR. It’s a different law with different requirements, for which preparation will require