“If the cedar trees have caught on fire,” says an old Hebrew adage, “what shall the shrubs on the wall say?”

Denmark data protection authority Datatilsynet suffered a data breach when its own documents, which should have been shredded, were disposed of in the normal wastepaper bin. The agency notified itself of the breach per

A group of UK MPs wrote a letter to the UK Information Commissioner’s Office demanding stronger data protection enforcement.

“It is imperative that you take action to establish public confidence – a trusted system is critical to protecting public health. The ICO has powers to compel documents to understand data processing, contractual relations and the

In the wake of the UK A-Level algorithm fallout, the U.S. National Institute of Standards and Technology (NIST) has published a report, for public comment, on the Four Principles of Explainable Artificial Intelligence.

“AI is becoming involved in high-stakes decisions, and no one wants machines to make them without an understanding of why,” said NIST

Data Protection Authorities in the German states of Lower Saxony, North Rhine-Westphalia, Hesse, Hamburg and Brandenburg have launched a large scale inquiry against media websites to examine the use of tracking techniques and specifically whether the cookie banners they apply on their respective websites meet the requirements for a voluntary and informed consent of the

Peter Swire and Kenneth Propp suggest a viable post-Schrems II alternative to address U.S. judicial redress deficiencies in the Lawfare Blog.

“Any future attempt by the United States to successfully address this perceived deficiency in judicial redress … must have two dimensions: a credible fact-finding inquiry into classified surveillance activities in order to ensure protection

The IAB Europe, the continent’s digital advertising and marketing association, has issued an FAQ on Schrems II.

How does this impact the online advertising supported internet?

“While it is hard to measure the impact in specific terms, this is likely to cause a big disruption in an industry which is as global and interconnected as

Privacy Shield is gone but not forgotten.

Adam C. Schlosser, for the International Association of Privacy Professionals (IAPP), writes on why the EU-U.S. Privacy Shield is still a useful data protection governance tool.

“Simply leaving the Privacy Shield program or disregarding its principles would be a mistake, particularly for those organizations that have already built

Constantine Karbaliotis and Abigail Dubiniecki write on the topic of what Canadian companies should do after Schrems II:

  • If you are processing data as controller, or as a processor for a client with European Union personal data, and relying on onward transfers, first do a risk assessment; and then assuming the risks are addressable, put

EUobserver prints an op-ed on SchremsII:

“With this decision, Europe is sliding toward a system of data localisation in which European data must stay in Europe. Big companies can likely bear the cost of creating redundant data systems in Europe, and for cloud computing providers that already have data centres in Europe…this decision could bring

Connected vehicles process a lot of data. Some of it is personal data under the General Data Protection Regulation (GDPR). The European Data Protection Board has issued draft guidelines for handling that data.

  • What data is personal data?
  • Who are the stakeholders?
  • What is the legal basis?
  • How do you operationalize transparency?
  • How do you