In atypical 2020 fashion, Santa actually gave UK the #1 present on its Christmas list: adequacy for cross-border data transfers from the EU as part of an overall trade deal.

Bloomberg reports the deal will include an interim solution for a maximum of 6 months while the European Commission considers a full adequacy decision for

Due to the importance of data protection law for employee monitoring practices, a careful and considered approach must be taken when potentially highly intrusive methods, such as tracking employee vehicles, are used. Employees must be informed of the existence of tracking and how it operates, as well as being clearly informed of all the purposes

Key Takeaways

  • Particularly

In a detailed report titled “Ethics of Connected and Automated Vehicles,” the European Commission sets out key data protection recommendations

Connected and Automated Vehicles (CAVs) are vehicles that are both connected and automated and display one of the five levels of automation according to SAE International’s standard J3016, combined with the capacity to receive and/or

“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,”  say Alessandra Pierucci, Chair of the Committee of Convention 108

Privacy Shield is gone but not forgotten.

Adam C. Schlosser, for the International Association of Privacy Professionals (IAPP), writes on why the EU-U.S. Privacy Shield is still a useful data protection governance tool.

“Simply leaving the Privacy Shield program or disregarding its principles would be a mistake, particularly for those organizations that have already built

EUobserver prints an op-ed on SchremsII:

“With this decision, Europe is sliding toward a system of data localisation in which European data must stay in Europe. Big companies can likely bear the cost of creating redundant data systems in Europe, and for cloud computing providers that already have data centres in Europe…this decision could bring

The Data Protection Authority for the Rhineland-Palatinate in Germany suggests there is a need for legislation limiting the use of contact tracing data.

Anyone sitting in the beer garden should not later be questioned by the police with respect to an administrative offense or minor damage to property based on the fact that their name

In a letter to the country’s Social Security Administration, Iceland’s Data Protection Authority Personuvernd states that IP addresses are not a reliable way to determine a person’s true location.

The DPA was reviewing a decision of the state Social Security Administration that had relied on an IP address to determine whether individuals on the unemployment