Data Protection Law Compliance

Key practice takeaways from the Kişisel Verileri Koruma Kurumu (KVKK) Turkey EUR 195,000 fine against WhatsApp (which echoes the Data Protection Commission Ireland decision in many respects):

  • Consent as a legal basis can only be used when it is obtained for a specific data processing. Agreement to terms, which include transfers to third parties and

What are practical lessons learned from the $85 million Zoom settlement?

  • You can have big ticket enforcement dollars even without GDPR or CCPA.
  • When you integrate a third party feature – including via a Software Development Kit (SDK) that shares information with a third party and especially when that third party can use the information

Children’s data isn’t child’s play.

If you have a product or service that collects information from children, you should:

  • Be transparent. No, really. And figure out the best ways to be transparent for kids, which includes just in time notices, video and audio. It is a good idea to enlist the help of UX/CX experts

Commission d’access a la information du Quebec has issued guidance on employee geolocation tracking.

Here are some key takeaways:

  • Unless the law expressly provides for it, a company may not require a person to be tied to a device that makes it possible to know where he is.
  • Without obtaining valid consent from its employees,

U.S. Senator Edward J. Markey of Massachusetts has introduced the “Algorithmic Justice and Online Platform Transparency Act.”

If signed into law, the bill will impose several new requirements on online platforms:

  • Transparency – including explaining the information collected, how it is used (for advertising and/or content moderation), method by which the type of algorithmic process

Bang for your privacy compliance spend buck.

For every $1 an organization spends on privacy compliance, they receive a $2.70 return on investment, finds a recent survey conducted by Cisco.

The study also found that the more mature privacy programs were seeing much better ROI. Companies that had scores above four on a scale of

The UK’s Information Commissioner’s Office (ICO) has announced a completion deadline for their code that will translate General Data Protection Regulation (GDPR) requirements into design standards that protect children who access online services.

The code is being refined following a consultation period and will be made final on November 23, 2019.

The ICO stated that