I spoke this week on Usercentrics’ Tech That Talks program, taking look at personalized ad targeting and the future of cookies.
Among the issues we discussed:
Children’s data isn’t child’s play.
If you have a product or service that collects information from children, you should:
CNIL, the Commission Nationale de l’Informatique et des Libertés, which is France’s Data Protection Authority, publishes framework to deal with post-Schrems II cross border transfers following the European Data Protection Board’s final guidelines on supplemental transfer measures:
Hey voice assistant: you’ve got some complying to do.
The European Data Protection Board has issued draft guidelines on the data protection aspects of using the increasingly prevalent virtual voice assistants.
“No consent – no photos” is the new “No shirt, no shoes (no mask), no business.”
You need consent under GDPR to take photos or videos in a pub and upload them to the pub’s social media networks. An informative sign is not enough, says Spain’s Agencia Española de Protección de Datos – AEPD.
The
“Complying with GDPR and ethical considerations when developing a digital service is actually a ‘win win situation.'” – says Forbrukerrådet’s eloquent Finn Lützow-Holm Myrstad in a conversation with IAPP – International Association of Privacy Professionals’ Jedidiah Bracy.
I discover with my little eye… a GDPR breach?
“Recent court rulings suggest that companies still face a Catch-22 when getting involved in U.S. discovery. There have been several cases … in which a party has objected to discovery based on GDPR concerns,” write Dr. Matthias Artzt and Gary D. Weingarden for IAPP – International
Data Processors beware.
France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a credential-stuffing attack.
The attackers were able to take the: last name, first name, email address, DOB, loyalty card balances and orders of approximately 40,000 individuals.
The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF). The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology
Denmark’s Data Protection Authority Datatilsynet has published an article emphasizing the importance of providing encrypted means for communicating personal information: