In June 2018, the EU issued updated guidance on certification and identifying certification criteria for Articles 42 and 43 of the GDPR. We are now 18 months further down the road, but there does not seem to be a light at the end of the tunnel. There was a brief glimmer of hope when ISO …
The long and winding road that leads to GDPR certification Read More »
In the news this week: The UK debate on US access to a goldmine of National Health Service Data. UK Government accused of breaching EU state aid rules by granting Amazon free access to NHS data. (pay walled) Internet provider 1and1 hit with €9.6m fine from German DPA for lax customer authentication protocols. Internet provider Rapidata GmbH fined €10,000 for not appointing a DPO from …
In the news this week: EDPS investigates European Parliament’s 2019 election activities and takes enforcement actions. Wiewiórowski voted next EDPS. Canadian AggregateIQ broke privacy laws in work for pro-Brexit campaign. An Australian National Audit Office review has found cybersecurity and privacy risks for My Health Record were not properly managed. German murderer wins ‘right to be forgotten’. Brazil consider staggering the implementation …
In the news this week: The GDPR enforcement tracker from CMS Law had been updated to allow for sorting and filtering by country and GDPR article. It also references the GDPR articles mentioned in the regulatory actions. Microsoft changes terms after investigation by the EDPS. The Dutch Ministry of Justice and Security also found similar issues in Microsoft’s contracts. …
In the news this week: The ICO says it should be granted the power to seize assets and cash, and undertake financial investigations, including search and seizure warrants. The regulator argues that these powers are essential as personal data has a monetary value. Irish DPA highlights that whilst data protection is a fundamental right it is not …
In the news this week: Joint paper of the Spanish data protection authority, (AEPD), and the European Data Protection Supervisor (EDPS) on hash techniques in data processing activities as a safeguard for personal data. Trend Micro rogue employee exposes customer data. Google acquires 28 million users’ data in Fitbit deal – EU raises concerns of acquiring companies for their data. …
In the news this week: EDPS publishes its latest Newsletter. Revised Draft ePrivacy Regulation published in advance of 7th November meeting of Working Party on Telecommunications and Information Society. Following on from the news two weeks ago that an Austrian lawyer received €800 for special category data processing without consent or lawful basis – Austrian DPA orders Austrian Post to immediately stop …
This week’s news from the ICDPPC in Tirana: How global collaboration helps the UK, a blog post from Elizabeth Denham. Elizabeth Denham’s opening speech from ICDPPC. The conference passed several resolutions: Resolution on the Conference’s strategic direction (2019-21). Resolution on the promotion of new and long-term practical instruments and continued legal efforts for effective cooperation in cross-border enforcement. International resolution …
In the news this week: Article 82 – specifically related to non-material compensation: Following a SAR, Salisbury man receives £1,500 following his medical records being accessed and shared without his consent. Austrian lawyer receives €800 for special category data processing without consent or lawful basis – finds Court of Feldkirch (Austria) Romania’s DPA (ANSPDCP) has fined Raiffeisen Bank and local …
In the news this week: Fieldfisher review the latest CJEU decisions. GDPR review comments from 19 EU member states. Google to address ad frequency with machine learning when cookies aren’t available. How Photos of Your Kids Are Powering Surveillance Technology – MegaFace the benchmark for testing every facial recognition product. CCPA California Attorney General Xavier Becerra released advance copies of the much awaited …
