Wrongful infringement needed to impose administrative sanction for GDPR violations

Wrongful infringement needed to impose administrative sanction for GDPR violations The ECJ decided two cases involving fines contested by entities in Lithuania and Germany. The Lithuanian National Public Health Centre challenged a €12,000 fine for creating a Covid-19 tracking app, while Deutsche Wohnen, a German real estate company, contested a fine exceeding €14 million for […]

The scope of the GDPR, the CCPA, and the 2020 Washington Privacy Act bill compared

UPDATE On Washington privacy Act  March 2020 – Washington Privacy Act fails again It was almost given for granted that the Washington Privacy Act would have passed this time. The Washington State House and Senate were debating two similar bills. The major difference was in the enforcement mechanism: while in the House’s Bill both the […]

DPIA( Data Protection Impact Assessment) in the GDPR – Guidelines, “blacklists” and whitelists

The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others the “the risks of varying likelihood and severity for the rights and freedoms of natural persons” (article 24 (1)). In line with the risk-based approach embodied by the GDPR, carrying out a […]

Tags: ,

European Parliament publishes a paper on blockchain and the GDPR

European Parliament publishes a paper on blockchain and the GDPR, titled “The General Data Protection Regulation  Can distributed ledgers be squared with European data protection law?” Here is the link to this interesting paper: http://www.europarl.europa.eu/RegData/etudes/STUD/2019/634445/EPRS_STU(2019)634445_EN.pdf   More information. on GDPR and blockchain, Francesca Giannoni-Crystal 

Tags: ,

California federal court holds it can order production of evidence even though it may violate the GDPR

On February 14, 2019, the United States District Court for the Northern District of California ordered a United Kingdom citizen, party to a U.S. litigation, to produce in unredacted form e-mails containing personal information that could be protected under the GDPR. By way of background. In this patent infringement suit, Plaintiff owned patents involving computer […]

Tags: ,

Important question about the GDPR “one –stop shop” mechanism referred to the ECJ

On May 8, 2019, the Brussel’s Court of Appeal referred certain questions to the Court of Justice of the European Union (CJEU) to ensure that the Belgian Data Protection Authority (DPA) can pursue the case against Facebook also after the GDPR entered into force. In particular, the questions is whether the one-stop shop mechanism (which […]

Tags: ,

EDPB opinion on ePrivace Directive and GDPR respective scope of application

On March 12, 2019, the European Data Protection Board (EDPB) published an opinion defining the GDPR’s scope of application and providing an interpretation on data protection authorities’ competences, tasks and powers. The Belgian Data Protection Authority (DPA) requested the EDPB to examine and issue an opinion on the interplay between the ePrivacy Directive (2002/58/EC) and […]

Tags: ,

Dutch DPA is the first European DPA to publish fining policy under GDPR

On March 14, 2019, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, DPA) published on Netherlands Official Gazette its own General Data Protection Regulation (GDPR) fining policy. It is the first European Union (EU) country to do so. Article 83, GDPR, provides that DPAs can issue to controllers and processors “effective, proportionate and dissuasive” administrative fines […]

Tags: ,

1 2 3 21