Denmark’s Data Protection Authority Datatilsynet  has published an article emphasizing the importance of providing encrypted means for communicating personal information:

  • Authorities and companies must, as data controllers, ensure — on the basis of an assessment of the risk to citizens’ rights — that they establish appropriate security measures. This means, among other things, that authorities

“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote for Daniel Solove’s Privacy+Security Academy Fall Forum Keynote.

Additional Key Takeaways
  • I am hesitant to list our enforcement priorities because I don’t feel that we

Due to the importance of data protection law for employee monitoring practices, a careful and considered approach must be taken when potentially highly intrusive methods, such as tracking employee vehicles, are used. Employees must be informed of the existence of tracking and how it operates, as well as being clearly informed of all the purposes

How does GDPR apply to the transfer of personal data from an EU entity to an international organization?

“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the GDPR, including its rules on international transfers (Chapter V of the GDPR),” says the European Data Protection Board in a

The Data Protection Authority of Lower Saxony, Germany, has offered guidance on protecting data collected in the course of autonomous vehicle training.

  • Training recordings may be processing of personal data if the pictures include faces or license plates which are recognizable.
  • In order to effectively train the autonomous vehicle systems you need to collect training

The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include:

  • Controller and processor obligations
  • Right of correction
  • Provisions regarding profiling

The European Data Protection Supervisor has issued guidance on data protection and body temperature taking.

Key takeaways:
  • Basic body temperature checks designed to measure body temperature only, operated manually and not followed by registration, documentation or other processing of individuals’ personal data are, in principle, not subject to the regulation.
  • Other systems of temperature checks,

Poland’s data protection authority, the UODO, offers guidance on email monitoring in the workplace:

  • The employer may introduce monitoring of the employee’s e-mail when it is necessary in the employer’s opinion to ensure work organization that allows full use of working time and proper use of the work tools provided to the employee.
  • The monitoring