General Data Protection Regulation (GDPR)

Subscribe to General Data Protection Regulation (GDPR)

The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”

Here are some key takeaways:

  • You must comply with the provisions of Chapter V GDPR, including the Schrems II assessment and supplemental measures, even when the

PUB_Privacy(4)_1202221816

Helen Dixon, Ireland’s Data Protection Commissioner, gave the keynote speech during the closing session of the International Association of Privacy Professionals’ Data Protection Congress in Brussels.

Here are a few of the key takeaways.

  • No jurisdiction has all the answers to the challenges posed by the complex digital environment. We need to learn.
  • Ubiquitous is

Privacy

U.S. Representative Cathy McMorris Rodgers, the Republican leader of the House Energy and Commerce Committee, and U.S. Representative Gus Bilirakis, the Republican leader for the Consumer Protection and Commerce Subcommittee, have submitted the “Control Our Data Act” bill.

Here are some key points:

  • Required privacy disclosure, which also needs to include a summary
  • Required notice

Man painting colored arrows
A businessman paints many different arrows on a white wall.

The U.K.’s Information Commissioner’s Office (ICO) has responded to the U.K.’s Department for Digital, Culture, Media and Sport’s (DCMS) “Data: Unlimited” initiative.

There is a lot to unpack. Here is an analysis I wrote for OneTrust DataGuidance that may be helpful.

Key points:

  • The current approach does not work for people or businesses and commitment

Flags of USA and European Union
The flags of the United States and European Union.

While presenting this week at the DRI Cybersecurity and Data Privacy Virtual Seminar, I outlined many of the issues currently impacting data security around the world.

Here are some key points:

  • Cookies are a thing. They are getting enforced in the EU by the Commission Nationale de l’Informatique et des Libertés, Agencia Española de Protección

The Credit Bureau Association of South Africa has issued a code of conduct for the processing of credit information under the Protection of Personal Information Act, No.4 of 2013 (POPIA).

Here is an analysis I wrote for OneTrust DataGuidance, which may be helpful for GDPR, CPRA, CPA and CDPA.

Key points:

  • Purpose limitation: Personal

The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de l’Informatique et des Libertés (CNIL).

The commission has issued new guidance on what happens after third party cookies.

Data Protection Considerations:
  • The end

PUB_Privacy(4)_1202221816

The United Kingdom’s Information Commissioner’s Office has released the second chapter in its anonymization guide for public comment.

Here are some key points:

  • An effective anonymization process seeks to reduce the likelihood of someone being identified or identifiable to a sufficiently remote level. This level depends on a number of factors specific to the context.

Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a manner that satisfies the requirements of GDPR.

Specifically:

  • A declaration of consent, whereby the user by the same “click”