If you are a GDPR-compliant company, does that mean you can start doing business in the United States with no additional thoughts about privacy?

As Simon Cowell says: “It’s a

Continue Reading What Does the EU-US “Draftequacy” Decision Mean for Companies Right Now?

The European Data Protection Supervisor (EDPS) has submitted comments to FTC Rulemaking on commercial surveillance.

Here are some key takeaways.

IOT devices:

  • It is important that data from the Internet
Continue Reading What Did the EDPS Have to Say About FTC Rulemaking on Commercial Surveillance?

For deidentification under the traditional laws like HIPAA, removal of identifiers qualifies.

That was a key facet of what I discussed last week on an anonymization panel during the IAPP

Continue Reading Deidentification vs Anonymization: What Is Enough?

Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian

Continue Reading Caveat Employer? In the EU and California, Employers Must Beware!