A German investigation into Facebook Inc. shows that multinational companies could face probes from multiple data-protection regulators in Europe over the same missteps.
If you are a non-EU entity subject to GDPR, or are a part of a group of companies, the GDPR one stop shop mechanism may not help you.
Thinking through the role
The Hamburg Data Protection Authority (DPA) laid out guidelines for Google regarding its voice assistant that may reveal what DPAs may be expecting for compliance with GDPR (and some parts may be applicable for CCPA too) :
Specifically they require:
“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law – researchers at the University of Michigan have found.”
“If given a choice, just 0.1 percent of site visitors would freely choose to enable all cookie categories/vendors — i.e.
Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands.
It contains detailed requirements for data processor compliance including:
The UK’s Information Commissioner’s Office (ICO) has announced a completion deadline for their code that will translate General Data Protection Regulation (GDPR) requirements into design standards that protect children who access online services.
The code is being refined following a consultation period and will be made final on November 23, 2019.
The ICO stated that
The International Organization for Standardization (ISO) published a standard for company’s to implement personal information management systems (PIMS). The ISO’s guidance aims to assist businesses with compliance goals and further the emphasis on personal data protection.
In the wake of the detailed privacy framework requirements of the recent FTC Facebook settlement and the California Consumer
A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.
However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”
The European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further.
For next steps, the Commission states that in 2020 it will assess the progress made after two years of application including on the review of the 11 adequacy decisions adopted under
“Some of Ireland’s best known heritage sites – such as Kilmainham Gaol, Dublin Castle and Muckross House – have been ordered to remove visitor books due to concerns they breach EU privacy and data protection rules.
The Office of Public Works (OPW) believes the books, in which visitors leave brief remarks along with their names
The court also held that: