Spanish Agencia Española de Protección de Datos – AEPD has issued a press release on the data protection implications of’IoB’ (internet of body) devices. These are devices connected to the Internet that monitor and/or act on vital signs, biometric data, and health indicators (e.g. physical activity, sleep quality, and sports activity).

IoB devices include external,

In a landmark decision in what is popularly known as the “Schrems II” case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that facilitated the transfers of personal data from the European Union to the United States for thousands of companies. The court cited the breadth of National

European Union Data Protection Authorities discussed enforcement priorities at the International Association of Privacy Professionals (IAPP) Data Protection Intensive.

Key takeaways:

  • CNIL: Online advertising and cookies are a focus right now.
  • Ireland DPC: currently handling 10,000 complaints with 23 investigations into so-called big tech companies, and two investigations at the decision-making stage. An area of

Wherefore art thou GDPR?

Some EU supervisory authorities are voicing dissatisfaction with enforcement of GDPR to date.

“After nearly one and a half years we must concede that we have a huge problem with the enforcement of cross border processing especially by globally acting companies,” says a spokesperson for the Hamburg data protection authority authority,

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

The EU General Data Protection Regulation (GDPR) did NOT make all processing of personal data unlawful, though it seems than many think this, says Michael Kaiser, data protection officer at the Hesse Data Protection Authority in Germany.

Per Kaiser, said the DPA has been inundated with complaints and breach notifications — up 1,200 percent since

Enforcement is increasing under the EU US Privacy Shield Framework for cross border transfer of personal data. A report published by European regulator, the European Data Protection Board (EDPB), lists enforcement initiatives by the Department of Commerce (DoC) and the FTC.

  • On a quarterly basis the DoC conducts “false claims reviews” to identify organizations that