Privacy Update for the 15th November 2019

In the news this week:

The ICO says it should be granted the power to seize assets and cash, and undertake financial investigations, including search and seizure warrants. The regulator argues that these powers are essential as personal data has a monetary value.

Irish DPA highlights that whilst data protection is a fundamental right it is not an absolute right.

The EDPB adopted a final version of the Guidelines on Territorial Scope following public consultation.

ExxonMobil’s Binding Corporate Rules submitted to the Board by the Belgian Supervisory Authority have been approved by the EDPB.

ICO blog around special category personal data whilst updating it’s guidance in this area.

US Federal Court rules suspicionless searches of travelers’ phones and laptops unconstitutional.

Google is to be investigated over how it is accessing US patient data with the second-largest US health system, the Wall Street Journal reports.

An FT investigation has shown that people’s most sensitive health data, including their medical symptoms, diagnoses and period and fertility information, are being traded with dozens of companies around the world, including Google, Amazon and Facebook.

The Lower Saxony DPA has audited 50 large and medium-sized organizations on their implementation of the requirements of the GDPR. In summary – Green 9 organizations; Yellow 32 organizations; Red 8 organizations.

AccuWeather stops deceptively gathering users’ location data following EPIC Suit.

Facebook reports government demands for user data are at a record high increasing by 16% to 128,617 in the six month period. US, India, UK, Germany and France account for top 5 requests.

New Zealand Privacy Commissioner John Edwards slams new terror law as ‘obnoxious’ and an intrusion of privacy.

Microsoft makes bold decision to apply CCPA obligations to all US users data not just Californians.

Berlin DPA says Google Analytics and similar services can only be used with consent and non-compliance may result in significant fines under the GDPR.

Meanwhile the Spanish DPA releases it guide on cookies and takes a slightly different approach.

UK insurer compensated over data theft with the man who sold data acquired from an Aviva insider being ordered to pay the insurer just under £109,000.

A US appeals court has denied LinkedIn’s petition to reconsider a decision that allowed a startup to scrape its users’ data.


Previous Privacy update posts can be found here.


Leave a Comment

Your email address will not be published.