General Data Protection Regulation (GDPR)

Subscribe to General Data Protection Regulation (GDPR)
Germany Map Flag
A vintage paper map of Germany.

The German Data Protection Conference (DSK) issued guidance on the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (‘TTDSG’), which went into effect on December 1, 2021.

Some key takeaways:

Scope:

  • If no personal data is processed, only TTDSG is applicable. If both personal and non-personal data is

Ireland
Ireland and other European countries

With enforcement on children’s data privacy ramping up around the world, Ireland’s Data Protection Commission has issued a detailed report on the fundamental principles of such data privacy, as well as some helpful suggestions to controllers on how to improve.

The key principles:

  1. FLOOR OF PROTECTION: Online service providers should provide a “floor” of

PUB_Privacy(4)_1202221816

Norwegian regulator Datatilsynet has slapped Grindr, a location-based online dating application, with a $7.1 million fine for sharing data with advertisers without the consent of its users. Here are some of my initial takeaways.

General:

  • The opinion was released in (excellent) English, and this is very important and much appreciated.
  • The opinion is very well

Privacy

“Clear is kind. Unclear is unkind,” according to author Brené Brown.

A joint opinion from the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) on the European Union’s proposed digital and data strategies, including the Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA) and the

Flags of USA and European Union
The flags of the United States and European Union.

If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision.

No transfer. No worries. TIA anyway.

Even if the server is possibly located in the EU, the US company has access to it and the U.S. Cloud Act

PUB_Privacy(4)_1202221816

U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.

Some of the bill’s key differentiators from CCPA, CDPA and CPA:

  • limitations on the disclosure of personal information to third parties that are not subject to the Act/jurisdiction of the US (Counter-Schrems II) (Section

Ireland
Ireland and other European countries

Data Protection Commission Ireland has issued a report on the responses it received to its public consultation on its guidance on children’s rights.

Of particular note is the careful consideration the commission gave the public input, as well as the time it took to thoughtfully respond.

Some key points:

On children as unique population:
“The

PUB_Privacy(5)_1062285074

What does the U.K. Information Commissioner’s Office have to say about what it takes for adtech initiatives to be compliant with data protection?

“There is an opportunity for market participants to move towards developing solutions that incorporate key considerations of data protection compliance. They should also place the interests, rights and freedoms of individuals at

The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”

Here are some key takeaways:

  • You must comply with the provisions of Chapter V GDPR, including the Schrems II assessment and supplemental measures, even when the