On July 16, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), opened a consultation on a data sharing code of practice. The consultation closes on September 9, 2019. The data sharing code is a practical guide for controllers sharing personal data. It gives guidance on the applicable law and provides good […]
On February 11, 2019, President Trump signed an executive order on Maintaining American Leadership in Artificial Intelligence. The executive order has several sections, such as federal investment in AI research and development, data and computing resources for AI research and development, guidance for regulation of AI applications, AI and the American workforce, and an […]
On December 28, 2018, Google won summary judgment in a class action alleging that the company handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA). According to the District Court, “plaintiffs have not suffered an injury sufficient to establish Article III standing and their claims are dismissed.” In a (putative) class […]
A German subsidiary of H&M was fined over €35 million ($41.3 million) for violation of the GDPR in the use of its employees’ data. It was found that since 2014, H&M had been processing a considerable amount of data about its employees’ persona life (such as holiday experiences, family issues, religious beliefs, and illness […]
The City of Paris will not be able to sue the drones to monitor social distance any more. In a lawsuit filed by Human Rights League and Quadrature du Net against the city of Paris for its use of drones to monitor social distance, the Conseil d’Etat (State Council, France’s highest administrative court) ruled on […]
On 4 May 2020, the EDPB adopted the Guidelines 05/2020 on consent under Regulation 2016/679, Version 1.0. The Guidelines are based on the WP29 guidelines For more information Francesca Giannoni-Crystal edpb_guidelines_202005_consent_en
On 28 April 2020, the Belgian DPA sanction Proximus SA (previously Belgacom) for €50,000 on two basis: non-cooperation under Article 31 of the GDPR and violation of Article 38(6) of the GDPR by appointing as DPO the director of one of its departments (Head of Compliance, Risk and Audit). The problem with the latter was conflict […]
On April 23, 2020 a federal court officially approved the agreement reached between Facebook and the Federal Trade Commission (FTC) last July. FTC’s investigation began after the events of Cambridge Analytica in 2018. See here for more about this investigation. The reached settlement agreement received some criticism. Facebook agreed to shift its approach to privacy, […]
UPDATE – March 2020 – Washington Privacy Act fails again It was almost given for granted that the Washington Privacy Act would have passed this time. The Washington State House and Senate were debating two similar bills. The difference was in the enforcement mechanism: while in the House’s Bill both the Attorney General’s office and any […]
On January 31, 2020 the EDPS published Revised Guidelines on personal data and electronic communications in the EU institutions (eCommunications guidelines). Recognizing that for “most people, electronic communications (eCommunications) such as email, internet and telephony, occupy a central role in their day-to-day professional and personal activities” and that “eCommunications are essential for organisations to operate […]