Wrongful infringement needed to impose administrative sanction for GDPR violations The ECJ decided two cases involving fines contested by entities in Lithuania and Germany. The Lithuanian National Public Health Centre challenged a €12,000 fine for creating a Covid-19 tracking app, while Deutsche Wohnen, a German real estate company, contested a fine exceeding €14 million for […]
A German subsidiary of H&M was fined over €35 million ($41.3 million) for violation of the GDPR in the use of its employees’ data. It was found that since 2014, H&M had been processing a considerable amount of data about its employees’ persona life (such as holiday experiences, family issues, religious beliefs, and illness […]
On November 12 and 13, 2019, the European Data Protection Board (EDPB) met in its fifteenth plenary session. The EDPB discussed important topics. Adoption of EU-US Privacy Shield Third Annual Review Report. After the Third Annual Joint Review of the Shield, the EDPB adopted its report. The EDPB appreciates the improvements by the US Authorities[i] […]
The Personal Data Protection Bill has been listed to be tabled in the Winter Session of the Indian Parliament which will begin on November 18, as published on Lok Sabha website. This Bill applies to the processing of consumer data by corporate entities. The businesses will be required to obtain consent from consumers to use […]
ICO published a veery useful guide dedicated to “data protection officers and others who have day-to-day responsibility for data protection” aimed at “small and medium-sized organisations”. See here
The centralized electronic invoicing system (e-invoicing), as originally structured by the Agenzia delle Entrate (“Agenzia”), the Italian tax authority, has been significantly curtailed by a recent decision of the Italian DPA (Garante Privacy, “Garante”). In its decision, the Garante found that the system contained major critical issues vis-a-vis data protection law. The e-invoicing is a […]
On October 10, 2018, the Portuguese Data Protection Authority (CNPD) found the Barreiro Hospital guilty of violating the integrity and confidentiality principle and the data minimization principle set forth by the GDPR. According to this source, the infringements were punished with a fine of €400,000. The hospital is going to fight the fine, this source […]
On October 4, 2018, the European Parliament adopted the proposed EU Regulation on the Free Flow of Non-Personal Data in the European Union. The Regulation aims at removing obstacles to the free movement of non-personal data within the European Union. The Regulation does not cover data mobility outside the EU. The approved Regulation does not […]
In September 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published a report explaining how Blockchain relates to the GDPR (“Report”). In particular the Report highlights the following. WHO IS THE CONTROLLER IN A BLOCKCHAIN TRANSACTION. Users of the web who decide to submit a transaction to the validation […]
Tags: blockchain, GDPR
On September 19, 2018, Legislative Decree n. 101/2018 harmonizing the Italian privacy law with the General Data Protection Regulation (GDPR) entered into force. Legislative Decree was published on the Official Italian Gazette (Gazzetta ufficiale n. 205 04-09-2018) on September 4, 2018. More on the Legislative Decree and the Italian Privacy Code (Legislative Decree 196/2003) is available […]