General Data Protection Regulation (GDPR)

Subscribe to General Data Protection Regulation (GDPR)

The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de l’Informatique et des Libertés (CNIL).

The commission has issued new guidance on what happens after third party cookies.

Data Protection Considerations:
  • The end

PUB_Privacy(4)_1202221816

The United Kingdom’s Information Commissioner’s Office has released the second chapter in its anonymization guide for public comment.

Here are some key points:

  • An effective anonymization process seeks to reduce the likelihood of someone being identified or identifiable to a sufficiently remote level. This level depends on a number of factors specific to the context.

Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a manner that satisfies the requirements of GDPR.

Specifically:

  • A declaration of consent, whereby the user by the same “click”

Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium.

  • Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés (CNIL), Spain’s Agencia Española de Protección de Datos (AEPD), Denmark’s Datatilsynet and other DPAs who have been

Ireland’s Data Protection Commission has imposed a fine of €225 million (more than $267 million) on WhatsApp, a popular messaging app owned by Facebook.

Here are some key takeaways for companies subject to GDPR:

Drafting privacy notice disclosures

  • When providing disclosures in your privacy notice, make them easy to understand. It is important to keep

Mobile apps

New York City has passed a bill limiting data sharing by food delivery apps and food service establishments.

What does that mean?

Here are some key takeaways:

  • A third-party food delivery service may not share customer data applicable to an online order if such customer requests that such data not be shared in relation to

The Ohio Personal Privacy Act, also known as House Bill 376, is being considered in the Buckeye State.

Here are a few takeaways:

  • Enforcement by Attorney General only
  • Affirmative defense for companies that maintain and comply with a written privacy program that reasonably conforms with the NIST Privacy Framework.
  • “Business” include non-profits
  • Similar to Virginia

Autonomous Vehicles

As always, it was great fun speaking with Future of Privacy Forum’s lovely and knowledgeable mobility guru Chelsey Colbert during Part 2 of OneTrust DataGuidance’s connected vehicles and data protection presentation.

Here are some takeaways from our chat:

  • In the Cold War spy series “The Americans,” characters kept changing their route to and from their

CNIL, the Commission Nationale de l’Informatique et des Libertés, which is France’s Data Protection Authority, publishes framework to deal with post-Schrems II cross border transfers following the European Data Protection Board’s final guidelines on supplemental transfer measures:

Step 1
  • Inventory your transfers (involve: DPO, information systems department, purchasing department, operational managers of services, digital service