General Data Protection Regulation (GDPR)

According to the NewEurope newspaper, “Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.”

“The new application of facial biometric screening will allow Swedish police to compare facial images from closed-circuit TV footage to an existing biometric database of over 40,000 pictures.”

“According to

The UK’s Information Commissioner’s Office has issued an opinion on the use of Live Facial Recognition technology by law enforcement.

Key takeaways:

  • The use of Live Facial Recognition (LFR) involves processing of personal data and therefore data protection law applies.
  • The use of LFR for law enforcement purposes constitutes “sensitive processing.”  As such, a Data

Ireland’s Data Protection Commission has issued a guidance note on the right of access under the General Data Protection Regulation.

Key takeaways:

  • Requests to access data are the majority of complaints received.
  • If reasonably necessary to clarify the request, you may request that the requester specify the information or processing activities they want access to.

The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance arrangements in place and to help them demonstrate their compliance with the General Data Protection Regulation (GDPR).

Per the GDPR accountability principle, data controllers

The Austrian Data Protection Authority has imposed an 18 Million Euro fine on Post AG for violating GDPR by processing personal information of individuals to create statistical probabilities about political party affinity and using them for marketing purposes.

Under GDPR. political affiliation is a “special category” personal data, the processing of which is deemed more

Google Analytics is in the crossfire in Germany.

The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service on websites in a manner which allegedly is in violation of GDPR.

At issue is whether deploying Google Analytics is possible without acquiring

The Irish Data Protection Commission has issued guidance on data breach notification under GDPR.

Key takeaways:

A personal data breach is a security incident that negatively impacts the confidentiality, integrity, or availability of personal data, with the consequence that the controller is unable to ensure compliance with the principles for processing personal data as outlined

The Irish Data Protection Commission has issued guidance on cloud computing. Here are key takeaways for companies and cloud providers:

  • You must remain in control of the personal data you collect.
  • You must have a written agreement with the cloud provider meeting with the requirements of Article 28 of the General Data Protection Regulation.
  • Before

We heard recently from French Data Protection Authority CNIL on the topic of Data Protection Impact Assessments (DPIAs). Now, Ireland’s Data Protection Commission has issued its own Guidance Note on DPIAs under The General Data Protection Regulation.

It describes the process in detail and provides lists of risks and mitigation methods. Key takeaways:

  • If you