“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,”  say Alessandra Pierucci, Chair of the Committee of Convention 108

Blockchain and data protection: A report issued by the Law Society and Tech London Advocates & Global Tech Advocates highlights the extent of unknowns in a series of questions posed for the UK Information Commissioner’s Office.

  • What does “all means reasonably likely to be used” mean under Recital 26 of the General Data Protection Regulation

The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include:

  • Controller and processor obligations
  • Right of correction
  • Provisions regarding profiling

On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC)  has determined that the U.S.-Swiss Privacy Shield does not meet the “requirements of adequate data protection as defined by the FADP (Swiss Federal Act on Data Protection).” It issued a policy

There is no quick fix to the Schrems II decision, says European Union Justice Commissioner Didier Reynders.
Per Bloomberg Law: Justice Commissioner Reynders plans to finalize work by the end of this year on clauses that companies use to safely transfer data. In addition, talks with the U.S. will intensify in coming weeks on “sustainable

The European Data Protection Supervisor has issued guidance on data protection and body temperature taking.

Key takeaways:
  • Basic body temperature checks designed to measure body temperature only, operated manually and not followed by registration, documentation or other processing of individuals’ personal data are, in principle, not subject to the regulation.
  • Other systems of temperature checks,

Poland’s data protection authority, the UODO, offers guidance on email monitoring in the workplace:

  • The employer may introduce monitoring of the employee’s e-mail when it is necessary in the employer’s opinion to ensure work organization that allows full use of working time and proper use of the work tools provided to the employee.
  • The monitoring

“Going forward, (Data Protection Impact Assessments) DPIAs should be considered beneficial to both controllers and processors for multiple reasons, including determining which alternative transfer mechanisms might be most viable, as well as establishing supplementary measures,” says Adam C. Schlosser for IAPP, the International Association of Privacy Professionals.

“Also, in light of the recent decision, there