“New York Gov. Andrew Cuomo recently signed legislation that will effectively prohibit ambulance and first response service providers from disclosing or selling patient data to third parties for marketing purposes.

The bill was signed into law on October 7. The new law bans the sale of patient data, or individually identifying information to third parties,

A local  Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA:

  • The right of access under GDPR is a comprehensive right concerning the stored or processed personal data.
  • It includes all data, such as

The Irish Data Protection Commission (DPC) does not have any power to order an organization to pay compensation to an affected data subject.

In the case of administrative fines, any funds collected from these fines go to the state exchequer. In addition to the powers the DPC has to enforce data subjects’ rights, individuals are

The Court of Justice of the European Union has issued its Planet 49 decision.

Key takeaways:

  • A pre-checked check box is not sufficient consent for the placement of cookies.
  • You need active consent whether or not cookies collect personal data.
  • The fact that a user activates the promotional game participation button is not sufficient to

Ecuador is considering a GDPR – like privacy law.

“A massive data breach in Ecuador has sparked a new push to pass data protection legislation that would mirror the European Union’s privacy regime. The National Assembly is debating a bill that allows citizens to access, correct, eliminate and oppose the use of their personal data

The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR:

Examples of joint controllers:
  • If two companies jointly organize a competition in which the name and address are collected by the participants for the subsequent delivery of the prizes.
  • If a website operator integrates a Facebook “Like” button on his website in

“Whenever there is no clear guidance under the GDPR on how to obtain certain security objectives, it certainly seems wiser and more rational to use existing solutions provided by NIST publications than to wait until more EU guidelines would be available. Later you could further build on what you already have, rather than start from

GDPR permits a general contractor to disclose personal information of the client who hired them for a home renovation to subcontractors, for their purpose of carrying out the renovation as well as for the correction of defects within the scope of the warranty.

The legal basis for this is that it is necessary for the