The European Data Protection Board has issued draft guidelines on the interplay between Art 3.2 and Chapter V of GDPR. And they also have finally defined the term “transfer.”

Here are some key takeaways:

  • You must comply with the provisions of Chapter V GDPR, including the Schrems II assessment and supplemental measures, even when the

Helen Dixon, Ireland’s Data Protection Commissioner, gave the keynote speech during the closing session of the International Association of Privacy Professionals’ Data Protection Congress in Brussels.

Here are a few of the key takeaways.

  • No jurisdiction has all the answers to the challenges posed by the complex digital environment. We need to learn.
  • Ubiquitous is

I had the pleasure of speaking during the Restaurant Technology Network Town Hall about a variety of privacy issues confronting restaurants and food delivery apps, including CCPA, CPRA, CDPA and CPA.

Here are some of my key points:

  • If you are using biometrics for food ordering, payment or authentication , it is best to pause

U.S. Representative Cathy McMorris Rodgers, the Republican leader of the House Energy and Commerce Committee, and U.S. Representative Gus Bilirakis, the Republican leader for the Consumer Protection and Commerce Subcommittee, have submitted the “Control Our Data Act” bill.

Here are some key points:

  • Required privacy disclosure, which also needs to include a summary
  • Required notice

The U.K.’s Information Commissioner’s Office (ICO) has responded to the U.K.’s Department for Digital, Culture, Media and Sport’s (DCMS) “Data: Unlimited” initiative.

There is a lot to unpack. Here is an analysis I wrote for OneTrust DataGuidance that may be helpful.

Key points:

  • The current approach does not work for people or businesses and commitment

While presenting this week at the DRI Cybersecurity and Data Privacy Virtual Seminar, I outlined many of the issues currently impacting data security around the world.

Here are some key points:

  • Cookies are a thing. They are getting enforced in the EU by the Commission Nationale de l’Informatique et des Libertés, Agencia Española de Protección

The Credit Bureau Association of South Africa has issued a code of conduct for the processing of credit information under the Protection of Personal Information Act, No.4 of 2013 (POPIA).

Here is an analysis I wrote for OneTrust DataGuidance, which may be helpful for GDPR, CPRA, CPA and CDPA.

Key points:

  • Purpose limitation: Personal