“Complying with GDPR and ethical considerations when developing a digital service is actually a ‘win win situation.'” – says Forbrukerrådet’s eloquent Finn Lützow-Holm Myrstad in a conversation with IAPP – International Association of Privacy Professionals’ Jedidiah Bracy.
“We are all trying to be pragmatic and open-minded and ambitious and quick about this because for us it’s been seven weeks in the new administration but the world has been waiting eight months since the ‘Schrems II’ ruling, so there is a real sense of urgency on our part. There is also an opportunity
France’s CNIL, Commission Nationale de l’Informatique et des Libertés, has issued guidance on data protection in the use of chatbots.
“The Spanish Agencia Española de Protección de Datos – AEPD has launched the DIGITAL PACT FOR THE PROTECTION OF PEOPLE , an initiative that aims to promote a firm commitment to privacy in the sustainability policies and business models of organizations”
“Among the principles that are collected is to promote transparency so that citizens know
I discover with my little eye… a GDPR breach?
“Recent court rulings suggest that companies still face a Catch-22 when getting involved in U.S. discovery. There have been several cases … in which a party has objected to discovery based on GDPR concerns,” write Dr. Matthias Artzt and Gary D. Weingarden for IAPP – International
Data Processors beware.
France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a credential-stuffing attack.
The attackers were able to take the: last name, first name, email address, DOB, loyalty card balances and orders of approximately 40,000 individuals.
The United Kingdom’s Information Commissioner’s Office published its action plan for 2021.
Automated vehicle manufacturers beware: Blurred images can still be personal data under the European Union’s General Data Protection Regulation (GDPR), says French Data Protection Authority CNIL in a statement on the use of drones by French police.
If information is blurred only after it is collected, and blurred flows can be accessed in clear images
Norway’s Datatilsynet does not mince words in its Brexit guidance:
“On 31 December 2020, the Brexit transition period will end. This means, among other things, that anyone who transfers personal data to the United Kingdom after this date must follow the rules on the transfer of personal data to third countries.”
“If the European Commission
The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF). The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology