The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day two of the event.

The Importance of Informed Consumers

When consumers feel they are more knowledgeable about the provisions of GDPR, they are more comfortable with

The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day one of the event.

Irish Data Commission Plans Cookie Banner Guidance

Irish Data Protection Commissioner Helen Dixon says the commission has completed a search and sweep

The Spanish AEPD has published guidelines on patient health data protection.

The guidelines track the requirements of GDPR as applicable to patient data including the obligation to provide adequate disclosure under Article 12 and data subject rights.

Key Takeaways

  • In the field of health care the right to suppression of clinical history data is very

Kenyan President Uhuru Kenyatta approved a data protection law which complies with European Union legal standards, according to Thomson-Reuters.

The new law sets out restrictions on how personally identifiable data obtained by firms and government entities can be handled, stored and shared. Those violating the law face a maximum fine of 3 million shillings

The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).

Key changes:
  • GDPR can apply extraterritorially to some streams of data processing and not others, and not to the entire entity.
  • GDPR applies to many non-EU data processors, including cloud storage providers for data

The Polish data protection authority has fined ClickQuickNow €47,126.97 for violating the General Data Protection Regulation (GDPR) by requiring too difficult a process for revoking consent.

The process in question required the person who submits the statement of withdrawal of consent to indicate the reason for his request after the site provided the person with

The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.

  • The search function suggested certain search suggestions automatically including the complainant’s name.
  •  The purpose of the function was to offer a better service to citizens.
  • The municipality also stated that when a user performs a search only the entered keyword is

In a complaint, the Federal Trade Commission alleges that between January 2017 and October 2018, RagingWire Data Centers, Inc. claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements, even though it had allowed its certification to lapse in January 2018.

The Department of

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.

Key takeaways:

  • You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.
  • All processing of personal data should be subject to overview, governance and demonstrable compliance.
  • Key

The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA Regulations.

“The Attorney General rejected this alternative because CCPA and GDPR have different requirements, different definitions, and different scopes. For