Hey voice assistant: you’ve got some complying to do.
The European Data Protection Board has issued draft guidelines on the data protection aspects of using the increasingly prevalent virtual voice assistants.
“No consent – no photos” is the new “No shirt, no shoes (no mask), no business.”
You need consent under GDPR to take photos or videos in a pub and upload them to the pub’s social media networks. An informative sign is not enough, says Spain’s Agencia Española de Protección de Datos – AEPD.
The
“Complying with GDPR and ethical considerations when developing a digital service is actually a ‘win win situation.'” – says Forbrukerrådet’s eloquent Finn Lützow-Holm Myrstad in a conversation with IAPP – International Association of Privacy Professionals’ Jedidiah Bracy.
I discover with my little eye… a GDPR breach?
“Recent court rulings suggest that companies still face a Catch-22 when getting involved in U.S. discovery. There have been several cases … in which a party has objected to discovery based on GDPR concerns,” write Dr. Matthias Artzt and Gary D. Weingarden for IAPP – International
Data Processors beware.
France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a credential-stuffing attack.
The attackers were able to take the: last name, first name, email address, DOB, loyalty card balances and orders of approximately 40,000 individuals.
The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF). The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology
Denmark’s Data Protection Authority Datatilsynet has published an article emphasizing the importance of providing encrypted means for communicating personal information:
When it comes to entering into new agreements with non-EU providers that involve the processing of EU personal data, if in doubt – don’t, says Norway DPA Datatilsynet.
“One must be prepared for the fact that new agreements involving the illegal transfer of personal data to third countries may be considered more severely than existing
“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote for Daniel Solove’s Privacy+Security Academy Fall Forum Keynote.
Due to the importance of data protection law for employee monitoring practices, a careful and considered approach must be taken when potentially highly intrusive methods, such as tracking employee vehicles, are used. Employees must be informed of the existence of tracking and how it operates, as well as being clearly informed of all the purposes