The Higher Regional Court of Cologne Germany has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access request.
The court also held that:
  • The information is not a trade secret since claims made by the plaintiff against his

“Some of Ireland’s best known heritage sites – such as Kilmainham Gaol, Dublin Castle and Muckross House – have been ordered to remove visitor books due to concerns they breach EU privacy and data protection rules.

The Office of Public Works (OPW) believes the books, in which visitors leave brief remarks along with their names

French regulator CNIL has issued its promised guidance on the use of web cookies.

Among the key takeaways:

  • you need to list all third parties involved in data collection
  • consent must be real
  • simply using a website is not sufficient consent and neither, as this point, are browser settings.

Also, if you meet a list

The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical records of a well-known Dutch person.

In addition, if the hospital has not improved security before October 2, 2019, it must pay 100,000

Checklist for drafting your controller-controller data sharing agreement (from the ICO Data Sharing Code of Conduct now out for public consultation):

  • What is the purpose of the data sharing initiative?
  • Which other organizations will be involved in the data sharing?
  • Are we sharing data along with another controller?
  • What data items are we going to

Questions to ask when sharing data between two data controllers (from the ICO Data Sharing Code of Conduct):

  • What is the sharing meant to achieve?
  • What information do we need to share?
  • Could we achieve the objective without sharing the data or by anonymizing it?
  • What risks does the data sharing pose to individuals?
  • Is

The European Data Protection Board has issued guidance on the use of video surveillance.
Key takeaways:
  • The monitoring purposes of cameras should be documented in writing.
  • Data subjects must be informed of the purpose(s) of the processing: “safety” or “for your safety” is not sufficient
  • The most likely legal bases for video surveillance are: legitimate

The European Data Protection Board has issued an opinion on lead supervisory authority in the event of a change of location of the main establishment of an organization.

Highlights:
  • Competence to act as lead supervisory authority can switch to another supervisory authority until a final decision has been reached.
  • Relocation of a main establishment to

“The General Data Protection Regulation (GDPR), while establishing a needed EU-wide privacy framework, will unfortunately inhibit the development and use of AI in Europe, putting firms in the EU at a competitive disadvantage to their North American and Asian competitors,” say the authors of a new report by the Center for Data Innovation in Washington.