The Polish data protection authority has fined ClickQuickNow €47,126.97 for violating the General Data Protection Regulation (GDPR) by requiring too difficult a process for revoking consent.

The process in question required the person who submits the statement of withdrawal of consent to indicate the reason for his request after the site provided the person with

The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.

  • The search function suggested certain search suggestions automatically including the complainant’s name.
  •  The purpose of the function was to offer a better service to citizens.
  • The municipality also stated that when a user performs a search only the entered keyword is

In a complaint, the Federal Trade Commission alleges that between January 2017 and October 2018, RagingWire Data Centers, Inc. claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements, even though it had allowed its certification to lapse in January 2018.

The Department of

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.

Key takeaways:

  • You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.
  • All processing of personal data should be subject to overview, governance and demonstrable compliance.
  • Key

The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA Regulations.

“The Attorney General rejected this alternative because CCPA and GDPR have different requirements, different definitions, and different scopes. For

The French Data Protection Authority,  CNIL, has prohibited the use of facial recognition to control entry into a school as disproportionate saying that alternative less intrusive means are available, such as badge control.

Key takeaways:

  • Processing of biometric data is of particular sensitivity, justifying enhanced protection of individuals.
  • Facial recognition devices are particularly intrusive and

According to the NewEurope newspaper, “Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.”

“The new application of facial biometric screening will allow Swedish police to compare facial images from closed-circuit TV footage to an existing biometric database of over 40,000 pictures.”

“According to

The UK’s Information Commissioner’s Office has issued an opinion on the use of Live Facial Recognition technology by law enforcement.

Key takeaways:

  • The use of Live Facial Recognition (LFR) involves processing of personal data and therefore data protection law applies.
  • The use of LFR for law enforcement purposes constitutes “sensitive processing.”  As such, a Data

Ireland’s Data Protection Commission has issued a guidance note on the right of access under the General Data Protection Regulation.

Key takeaways:

  • Requests to access data are the majority of complaints received.
  • If reasonably necessary to clarify the request, you may request that the requester specify the information or processing activities they want access to.

The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance arrangements in place and to help them demonstrate their compliance with the General Data Protection Regulation (GDPR).

Per the GDPR accountability principle, data controllers