Illinois District Court finds that improper collection and retention of face-scan measurements doesn’t constitute an injury-in-fact sufficient to meet Article III standing requirements

On December 28, 2018, Google won summary judgment in a class action alleging that the company handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA). According to the District Court, “plaintiffs have not suffered an injury sufficient to establish Article III standing and their claims are dismissed.” In a (putative) class […]

German subsidiary of H&M fined over €35 million ($41.3 million) for misuse of employees’ data

A German subsidiary of H&M was fined over €35 million ($41.3 million) for violation of the GDPR in the use of its employees’ data. It was found that since 2014, H&M had been processing a considerable amount of data about its employees’ personal life (such as holiday experiences, family issues, religious beliefs, and illness […]

EDPS published revised eCommunications guidelines for EU institutions

On January 31, 2020, the EDPS published Revised Guidelines on personal data and electronic communications in the EU institutions (eCommunications guidelines). Recognizing that for “most people, electronic communications (eCommunications) such as email, internet and telephony, occupy a central role in their day-to-day professional and personal activities” and that “eCommunications are essential for organisations to operate […]

EDPB’s Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications

On 28 January 2020 the European Data Protection Board (“EDPB”) adopted the Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. The EDPB states that “connected vehicles are generating increasing amounts of data, most of which can be considered personal data since they will relate to drivers […]

DPIA (Data Protection Impact Assessment) in the GDPR – Guidelines, “blacklists” and whitelists

The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account, among others, “the risks of varying likelihood and severity for the rights and freedoms of natural persons” (article 24 (1)). In line with the risk-based approach embodied by the GDPR, carrying out a […]

Italian DPA sanctions cell phone carrier EUR 28 million over unlawful data processing

The Italian DPA (“Garante per la Protezione dei dati Personali”) issued a penalty of € 27,802,946 to cell phone carrier TIM S.p.A. for numerous and serious violations of data protection related to processing for marketing activities. The violations affected a few million people overall. From January 2017 to the first months of 2019, the DPA […]