• Connected cars are “terminal equipment” and consent under the ePrivacy regime is required.
  • Connected cars are IoT devices.
  • Geolocation is very sensitive; don’t collect unless necessary.
  • Implement data protection by design and default at every stage.
  • Connected cars pose unique challenged for transparency and consent – you must find ways to overcome them.

These are

“The European Commission has revealed it is considering a ban on the use of facial recognition in public areas for up to five years.

Regulators want time to work out how to prevent the technology being abused. The technology allows faces captured on CCTV to be checked in real time against watch lists, often compiled

Kenyan President Uhuru Kenyatta approved a data protection law which complies with European Union legal standards, according to Thomson-Reuters.

The new law sets out restrictions on how personally identifiable data obtained by firms and government entities can be handled, stored and shared. Those violating the law face a maximum fine of 3 million shillings

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.

Key takeaways:

  • You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.
  • All processing of personal data should be subject to overview, governance and demonstrable compliance.
  • Key

In preparation for the first Article 97 evaluation and review of the General Data Privacy Regulation (GDPR), member states have submitted comments, reports Muge Fazliogu of the International Association of Privacy Professionals (IAPP)

Key points:

  • Businesses and government agencies feel overwhelmed, uncertain and confused. (Germany)
  • Recommend to publish real cases of best practices, as well

A German investigation into Facebook Inc. shows that multinational companies could face probes from multiple data-protection regulators in Europe over the same missteps.

If you are a non-EU entity subject to GDPR, or are a part of a group of companies, the GDPR one stop shop mechanism may not help you.

Thinking through the role

Red Card! The Spanish Data Protection Authority has issued LaLiga a 250,000 EUR fine for using its mobile app to detect bars illegally broadcasting soccer matches, without duly disclosing this data processing activity in violation of GDPR.

When installing the application and receiving user approval, LaLiga remotely activated the microphone of any user’s mobile phone

  1. The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.

Key takeaways:

  • Before using a development tool, especially for personal data, read the conditions of use.
  • If the data requires a maximum level of confidentiality, use tools with a local instance, rather than the cloud.
  • Conduct a