France’s CNIL, Commission Nationale de l’Informatique et des Libertés, has issued guidance on data protection in the use of chatbots.

Key Takeaways
  • Consent for cookies isn’t necessary if they are strictly required to operate the chatbot, but is required for all other cookies.
  • Retain the data only for as long as required for the purpose.

France’s CNIL, the Commission Nationale de l’Informatique et des Libertés, has opined on the “Global Security law” and use of drones by law enforcement.

General takeaways:
  • Use airborne cameras only if (i) strictly necessary for the legitimate purpose pursued and (ii) proportionate. You must first determine that no less intrusive method is available.
  • Retain information

“The Spanish Agencia Española de Protección de Datos – AEPD has launched the DIGITAL PACT FOR THE PROTECTION OF PEOPLE , an initiative that aims to promote a firm commitment to privacy in the sustainability policies and business models of organizations”

“Among the principles that are collected is to promote transparency so that citizens know

“Germany will become a world leader in autonomous driving. We are setting the pace for this: With our new law, we are becoming an international pioneer and putting an end to cumbersome individual permits,” says German Federal Transport Minister Andreas Scheuer.

The proposed regulation, still requiring approval by the Bundestag and the Bundesrat, contemplates regulation

Data Processors beware.

France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a credential-stuffing attack.

The attackers were able to take the: last name, first name, email address, DOB, loyalty card balances and orders of approximately 40,000 individuals.

The United Kingdom’s Information Commissioner’s Office published its action plan for 2021.

Areas of focus include:
  • the Age Appropriate Design Code
  • data sharing.
  • data broking,
  • the use of sexual crime victims’ personal information,
  • adtech, including audits focused on digital marketing platforms.
Additional guidance is forthcoming on:
  • political campaigning
  • facial recognition,
  • codes of conduct and certification

Automated vehicle manufacturers beware: Blurred images can still be personal data under the European Union’s General Data Protection Regulation (GDPR),  says French Data Protection Authority CNIL in a statement on the use of drones by French police.

If information is blurred only after it is collected, and blurred flows can be accessed in clear images

Spanish Agencia Española de Protección de Datos – AEPD has issued a press release on the data protection implications of’IoB’ (internet of body) devices. These are devices connected to the Internet that monitor and/or act on vital signs, biometric data, and health indicators (e.g. physical activity, sleep quality, and sports activity).

IoB devices include external,