A German investigation into Facebook Inc. shows that multinational companies could face probes from multiple data-protection regulators in Europe over the same missteps.

If you are a non-EU entity subject to GDPR, or are a part of a group of companies, the GDPR one stop shop mechanism may not help you.

Thinking through the role

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law – researchers at the University of Michigan have found.”

“If given a choice, just 0.1 percent of site visitors would freely choose to enable all cookie categories/vendors — i.e.

Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands.

It contains detailed requirements for data processor compliance including:

  • Documented data protection plan
  • Information security management system based on a recognized standard
  • At least annual evaluation of your privacy and information security

The UK’s Information Commissioner’s Office (ICO) has announced a completion deadline for their code that will translate General Data Protection Regulation (GDPR) requirements into design standards that protect children who access online services.

The code is being refined following a consultation period and will be made final on November 23, 2019.

The ICO stated that

The International Organization for Standardization (ISO) published a standard for companies to implement personal information management systems (PIMS). The ISO’s guidance aims to assist businesses with compliance goals and further the emphasis on personal data protection.

In the wake of the detailed privacy framework requirements of the recent FTC Facebook settlement and the California Consumer

A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.

However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”

The Higher Regional Court of Cologne, Germany, has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access request.
The court also held that:
  • The information is not a trade secret since claims made by the plaintiff against his

“Some of Ireland’s best known heritage sites – such as Kilmainham Gaol, Dublin Castle and Muckross House – have been ordered to remove visitor books due to concerns they breach EU privacy and data protection rules.

The Office of Public Works (OPW) believes the books, in which visitors leave brief remarks along with their names