Here are a few things to consider in a cross border complaint, according to the International Association of Privacy Professionals’ Data Protection Congress panel with Isabelle Vereecken of the EuropeanContinue Reading Cross Border Complaints: What You Need to Consider
If you are a GDPR-compliant company, does that mean you can start doing business in the United States with no additional thoughts about privacy?
As Simon Cowell says: “It’s a…Continue Reading What Does the EU-US “Draftequacy” Decision Mean for Companies Right Now?
Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian…Continue Reading Caveat Employer? In the EU and California, Employers Must Beware!
Spanish Agencia Española de Protección de Datos – AEPD has issued a press release on the data protection implications of’IoB’ (internet of body) devices. These are devices connected to the…
Continue Reading Spain Issues Advisory on Privacy for ‘Internet of Body’ Connected Technology
In a landmark decision in what is popularly known as the “Schrems II” case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that…
Continue Reading Ten Steps Companies Can Take Now to Handle US-EU Data Transfers
Data protection by design and by default (DPbDD): The complexity of this GDPR obligation is apparent even from acronym itself.
It was my pleasure to try to simplify this concept…
Continue Reading EDPB’s Draft Guidelines on Privacy by Design and by Default
European Union Data Protection Authorities discussed enforcement priorities at the International Association of Privacy Professionals (IAPP) Data Protection Intensive.
- CNIL: Online advertising and cookies are a focus right
Wherefore art thou GDPR?
Some EU supervisory authorities are voicing dissatisfaction with enforcement of GDPR to date.
“After nearly one and a half years we must concede that we have …
Continue Reading Politico: Some EU Data Protection Leaders Voicing Concerns About GDPR Enforcement
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of…
Continue Reading Lithuanian Data Protection Inspectorate Levies Fine for GDPR Data Management Violations
If you de-identify end user data, this may be a use compatible with the original purpose for which the data was provided and not require seeking consent from the individual.
Continue Reading Is Consent Required To De-Identify Users’ Data? The Case for No