General Privacy & Data Security News & Developments

A complaint by public interest organization “NOYB” against media streaming services shines a spotlight on the GDPR’s right of “data subject access​.”

While some aspects are GDPR-specific, much of the complaint provides insight into how to properly structure your access request process under the California Consumer Privacy Act (CCPA).

Read the full analysis.

“A loose coalition of privacy-minded digital rights groups and policymakers is crafting a strategy to rein in facial recognition technology in cities across the country. ”

“Three cities thus far have banned government use of the technology: San Francisco, Somerville, a suburb of Boston, and now Oakland. Using facial recognition bans in those cities as

“Of the 24 states that considered data privacy legislation this year, only Illinois, Maine and Nevada enacted new laws.”

“Despite enthusiasm for more privacy rules by legislators and their constituents, many states found themselves bogged down this year in both the details of high tech operations and industry complaints.”

“In Connecticut, Hawaii, Louisiana, North Dakota

New Turkish data protection law (TDPL) requires controllers to register their data processing inventory with the Turkish data protection authority.

“Although the information [required in the Turkish data inventory portal, called VERBIS], is similar to the GDPR Article 30 data processing ledger, such records may not be directly applicable because VERBIS is based on categories

The $5 billion fine levied against Facebook by the Federal Trade Commission is certainly headline news, but it also contains detailed requirements for privacy and information security governance and accountability that all companies can learn from and implement.

Big Picture Takeaways:

  • Facebook faces many detailed requirements for internal and external governance and oversight with

In most of the world, anonymous data are not considered personal data — the information can be shared and sold without violating privacy laws. Market researchers are willing to pay brokers for a huge array of data, from dating preferences to political leanings, household purchases to streaming favorites.

But this anonymous information may not be

“Some of Ireland’s best known heritage sites – such as Kilmainham Gaol, Dublin Castle and Muckross House – have been ordered to remove visitor books due to concerns they breach EU privacy and data protection rules.

The Office of Public Works (OPW) believes the books, in which visitors leave brief remarks along with their names

Analytics cookies in the crossfire.

Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance.

CNIL – Set list of terms to qualify for an exemption from the need to obtain consent.

ICO – This is a non-essential cookie and consent is needed … BUT … unlikely to prioritize enforcement of

It’s high time for privacy regulation?

The information and privacy commissioner of Saskatchewan, Canada, is proposing cannabis dispensaries be subject to the Health Information Protection Act (HIPA).

“The recommendation suggests that under HIPA — which regulates collection, storage, use and disclosure of personal health information and access to personal health information — the term ‘trustee’