“The EU’s much-vaunted data-protection legislation doesn’t cover how data can be used ‘to draw conclusions about me or to undermine democracy,'” said European Union Commissioner Margrethe Vestager, in a speech in Copenhagen on Sept. 13.
“When a few companies control a lot of data about us, that can also help them influence the choices we
GDPR does not prohibit a company from disclosing to one company shareholder, information identifying other shareholders in the same company, says the Higher Regional Court of Munich.
The legal basis under GDPR is that the disclosure is necessary for the performance of the contractual relationship established by the articles of association.
“For the exercise of
Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority. The company was fined €10,000.
Do I have to disclose documents with confidential internal correspondence, and comments from my staff as part of a GDPR data subject access request? The Court of The Hague says “Yes, you do.”
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place?
Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor.
Adtech-tok. The clock is ticking for adtech GDPR compliance, says the UK ICO.
“Speaking at ExchangeWire’s ATS event in London on Sept. 9, the ICO’s head of technology and policy, Ali Shah, encouraged ad tech businesses still relying on a legitimate interest to come forward and engage with the regulator.
Shah promised those that do
If you condition participation in a sweepstakes on receiving advertising on a particular topic from the provider of the sweepstakes or from other third parties — this is still valid consent under GDPR, says the Higher Regional Court of Frankfurt, Germany.
Some new guidance on obtaining consent under GDPR from Denmark:
That and other principles are included in the new detailed guidance on consent under GDPR from
Ireland’s privacy regulator is weighing potential probes into how some online companies handle children’s data.
The Irish privacy office is “scoping” children’s privacy enforcement actions
“There will absolutely have to be changes and will be changes in terms of how” online companies handle children’s data… It’s a “big area of importance” for the commission –
A German investigation into Facebook Inc. shows that multinational companies could face probes from multiple data-protection regulators in Europe over the same missteps.
If you are a non-EU entity subject to GDPR, or are a part of a group of companies, the GDPR one stop shop mechanism may not help you.
Thinking through the role