The Polish data protection authority has fined ClickQuickNow €47,126.97 for violating the General Data Protection Regulation (GDPR) by requiring too difficult a process for revoking consent.

The process in question required the person who submits the statement of withdrawal of consent to indicate the reason for his request after the site provided the person with

The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.

  • The search function suggested certain search suggestions automatically including the complainant’s name.
  •  The purpose of the function was to offer a better service to citizens.
  • The municipality also stated that when a user performs a search only the entered keyword is

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.

Key takeaways:

  • You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.
  • All processing of personal data should be subject to overview, governance and demonstrable compliance.
  • Key

The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA Regulations.

“The Attorney General rejected this alternative because CCPA and GDPR have different requirements, different definitions, and different scopes. For

The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR.

Key takeaways on what constitutes “legitimate”:

  • The interest needs to be pursuant to a written or unwritten legal principle.
  • Merely serving the interests of society or pure commercial interests, profit maximization, following the behavior

The UK’s Information Commissioner’s Office has issued an opinion on the use of Live Facial Recognition technology by law enforcement.

Key takeaways:

  • The use of Live Facial Recognition (LFR) involves processing of personal data and therefore data protection law applies.
  • The use of LFR for law enforcement purposes constitutes “sensitive processing.”  As such, a Data

Ireland’s Data Protection Commission has issued a guidance note on the right of access under the General Data Protection Regulation.

Key takeaways:

  • Requests to access data are the majority of complaints received.
  • If reasonably necessary to clarify the request, you may request that the requester specify the information or processing activities they want access to.

The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:

  • failure to execute Article 28 data processing agreements with its service providers
  • retaining personal data for longer than required by law
  • storing official videos only on YouTube in violation of the obligation to ensure availability, integrity and continuity

The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance arrangements in place and to help them demonstrate their compliance with the General Data Protection Regulation (GDPR).

Per the GDPR accountability principle, data controllers

The Austrian Data Protection Authority has imposed an 18 Million Euro fine on Post AG for violating GDPR by processing personal information of individuals to create statistical probabilities about political party affinity and using them for marketing purposes.

Under GDPR. political affiliation is a “special category” personal data, the processing of which is deemed more