The French data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.

Key takeaways:

  • Before using a development tool, especially for personal data, read the conditions of use.
  • If the data requires a maximum level of confidentiality, use tools with a local instance, rather than the cloud.
  • Conduct a

The UK Information Commissioner’s Office (ICO) is strategically focusing on the “fairness” requirement under the GDPR – says U.K. Information Commissioner Elizabeth Denham.

The focus is unfair, invisible processing. This includes big tech, data brokers, credit reference agencies and adtech, specifically looking at transparency and fairness, as well as the legal basis for consent.

Regarding

“Privacy policies … have evolved from … largely factual statements to become, nowadays, either long, verbose and impenetrable legalese, or else vague and soothing PR exercises. Either approach places the burden on the individual to understand complex data practices and act rationally in her own best interests,” says European Data Protection Supervisor Giovanni Buttarelli.

“Transparency

“The Federal Trade Commission is aiming to bring more EU-U.S. Privacy Shield enforcement actions for significant violations of the cross-border data transfer program, the agency’s consumer protection chief said April 26.”

There is a group of cases the FTC is “looking at right now and they include” alleged substantive violations of the Privacy Shield program

“Europe has taken the first steps to protect citizens’ privacy and our new regulations have proven to be effective — both for our citizens and our businesses… It’s time for America to join us, Japan and many others in our work, and be part of setting the global standards on privacy.”  — European Commissioner Vera

“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham.

Denham said companies must understand the risks that they create for others with their data processing, and mitigate those risks. GDPR also formalizes the move away from box ticking to seeing data protection

Data subject access rights and your medical practice.

The UK Information Commissioner’s Office (ICO) issues advice.

Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, a trend similar to that seen in other sectors.

  • General Practitioners (GPs) cannot query the reason for requesting

A pre-ticked checkbox is not valid consent for placing cookies under the EU ePrivacy Directive – says the Advocate General to the Court of Justice of the EU in the Planet49 case.

Other takeaways:

  • Pre-ticked box + an active “click” on “participate in lottery” is still not sufficient consent for placing cookies. For consent to

The European Data Protection Board (EDPB) has weighed in on the ePrivacy Regulation:

  • EU legislators should intensify efforts towards the adoption of an ePrivacy Regulation, which is necessary to complete the EU’s framework for data protection and confidentiality of communications.
  • The ePrivacy Regulation must under no circumstances lower the level of protection offered by the

Data protection and political campaigns – European Data Protection Board (EDPB) issues a statement.

Key points:

  • Personal data revealing political opinions is a special category of data under the GDPR, and, in most cases, processing it will require explicit, specific, fully informed, and freely given consent.
  • Using personal data made public, like on social media,