GDPR

Subscribe to GDPR

Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a manner that satisfies the requirements of GDPR.

Specifically:

  • A declaration of consent, whereby the user by the same “click”

PUB_Privacy(5)_1062285074

A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They include:

  • Exploring changes when authorizing and overseeing surveillance programs to better protect data privacy or otherwise address EU concerns;
  • Strengthening the Privacy and

Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium.

  • Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés (CNIL), Spain’s Agencia Española de Protección de Datos (AEPD), Denmark’s Datatilsynet and other DPAs who have been

Ireland’s Data Protection Commission has imposed a fine of €225 million (more than $267 million) on WhatsApp, a popular messaging app owned by Facebook.

Here are some key takeaways for companies subject to GDPR:

Drafting privacy notice disclosures

  • When providing disclosures in your privacy notice, make them easy to understand. It is important to keep

Pixelated shield icon on digital background,

Children’s data isn’t child’s play.

If you have a product or service that collects information from children, you should:

  • Be transparent. No, really. And figure out the best ways to be transparent for kids, which includes just in time notices, video and audio. It is a good idea to enlist the help of UX/CX experts

CNIL, the Commission Nationale de l’Informatique et des Libertés, which is France’s Data Protection Authority, publishes framework to deal with post-Schrems II cross border transfers following the European Data Protection Board’s final guidelines on supplemental transfer measures:

Step 1
  • Inventory your transfers (involve: DPO, information systems department, purchasing department, operational managers of services, digital service

Hey voice assistant: you’ve got some complying to do.

The European Data Protection Board has issued draft guidelines on the data protection aspects of using the increasingly prevalent virtual voice assistants.

Some key points:
  • Transparency is key but is also not easy to do well: 30 pages of single-spaced privacy notice won’t cut it. Think