A new study has found only 11.8% of the most popular Consent Management Platforms (CMPs) used on UK websites meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent.

The researchers’ scraper was used to determine whether a consent form met GDPR and eDirective requirements.

The rules say consent must be

“Adequacy” seems to be the hardest word.

On the brink of Brexit and the UK becoming a “third country” without a so called “adequacy” status for the cross border transfer of personal data from the European Union — Could California have its own Privacy Shield arrangement separate from the rest of the U.S.?

This question

Wherefore art thou GDPR?

Some EU supervisory authorities are voicing dissatisfaction with enforcement of GDPR to date.

“After nearly one and a half years we must concede that we have a huge problem with the enforcement of cross border processing especially by globally acting companies,” says a spokesperson for the Hamburg data protection authority authority,

French Data Protection Authority CNIL has weighed in on CCTV surveillance in schools.

CNIL received 25 complaints regarding systematic surveillance of students throughout their day, whether during their recess, during their lunch in the canteen or even during their class time. These cameras also made it possible to film almost constantly a part of the

The United Kingdom’s Information Commissioner’s Office has issued for public consultation a  draft guidance on the Right of Access under the General Data Protection Regulation (GDPR).

Read my detailed analysis for key takeaways on how to handle the access request, and how to structure your systems to ensure that one does not fall between the

“Perhaps the more urgent need is to share ideas, instead of rushing to share people’s data,” writes European Data Protection Supervisor Wojciech Wiewiórowski.

“More than ever, there is a need to illuminate new paths for rewarding more sustainable business models that do not rely on the ubiquitous and constant tracking of human behaviour and relationships,

The Belgian data protection authority has published for public consultation its priorities for 2019-2025.

They are divided into three main categories:

Priorities by sector

  • Telecommunication and media
  • Government
  • Direct Marketing
  • Education

Priorities focused on the themes of the AVG (General Data Protection Regulation)

  • Role of the Data Protection Officer or “DPO”
  • Legitimacy of processing
  • Citizens’

In a statement of its priorities over the next year, French data privacy regulator CNIL emphasizes the importance of a balanced approach to data protection regulation.

Key Takeaways:

The CNIL’s enforcement actions have gained added momentum with enactment of the GDPR, and the CNIL must commit itself fully in this respect.

“At the same time,

Standard Contractual Clauses live to fight another day.

“(There) is an obligation — placed on the controllers … and, where the latter fail to act, on the supervisory authorities … — to suspend or prohibit a transfer when, because of a conflict between the obligations arising under the standard clauses and those imposed by the

The French Competition Authority has announced it imposed a sanction of €150 million on Google for abusing its dominant position in search advertising.

The authority also ordered Google to:

  • clarify the drafting of the rules for its Google Ads advertising platform and review the information procedures concerning changes to the rules (individual notification two months