General Privacy & Data Security News & Developments

  1. The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.

Key takeaways:

  • Before using a development tool, especially for personal data, read the conditions of use.
  • If the data requires a maximum level of confidentiality, use tools with a local instance, rather than the cloud.
  • Conduct a

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

“C’est tres complique aujourd’hui de se declarer 100% conforme”

“In reality, it’s very complicated to declare in total and perfect conformity [with GDPR], be it today, in five or ten years, because it’s a continuous process. A company never really achieves 100% compliance, it works on it every day. It seeks to have compliance champions,

With the recent spate of class actions under Illinois’ Biometric Information Privacy Act (“BIPA”), courts are considering an array of litigation-related questions that such actions pose. One such issue recently was addressed in Liu v. Four Seasons Hotel, Ltd, 2019 Ill App (1st) 182645 (April 9, 2019), when the Four Seasons argued

The California Consumer Privacy Act “has galvanized the U.S. Congress to start thinking really hard about federal privacy legislation. We’ve encouraged them to do that,” said Federal Trade Commission Chairman Joe Simons.

Other key takeaways from Simons’ conversation with International Association of Privacy Professionals Chief Knowledge Officer Omer Tene:

  • Though not specifically commenting on any

“When it comes to tech in California, the balance is making sure we continue to have an environment that fosters creativity and innovation, while … fighting to have the proper amount of consumer protection and privacy that any of us … would want,” said Ian Calderon, California Assembly majority leader.

“The law may not be

A study shows that “92 percent of 36 mental health apps shared data with at least one third party — mostly services that help with marketing, advertising, or data analytics.”

“About half of those apps did not disclose that third-party data sharing, for a few different reasons: nine apps didn’t have a privacy policy at

Enforcement is coming – says CNIL, the French Data Protection Authority.

CNIL published its enforcement priorities for 2019. CNIL will no longer refrain from enforcing new obligations imposed by GDPR, but it will continue to exercise judgment in the choice of corrective measures and will not resort to fines every time. CNIL’s enforcement program will

“Rather than view data protection as a box-ticking exercise, it should be a key priority and integrated into every aspect of the business to ensure comprehensive coverage and consistency.”

“Regulation can only go so far – if businesses focus on best practices for cybersecurity, data protection and combine this with compliance they will be giving

“I have long advocated for privacy protections that include the principles of knowledge, notice and the right to say ‘no’ to companies that want our information. But it is increasingly clear that a true 21st-century comprehensive privacy bill must do more than simply enshrine notice and consent standards,” said Sen. Edward Markey (D-Mass.), the author