Polish DPA imposes first GDPR fine for breach of duty to inform data subjects

On March 26, 2019, Urzędu Ochrony Danych Osobowych (UODO), the Polish Data Protection Agency (DPA) imposed a fine of around $250,000 on a company for failure to fulfill its information obligation as a controller. The UODO explained that the controller did not meet the information obligation (Art. 14 (1) – (3), GDPR) in relation to […]

Tags: ,

Dutch DPA is the first European DPA to publish fining policy under GDPR

On March 14, 2019, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, DPA) published on Netherlands Official Gazette its own General Data Protection Regulation (GDPR) fining policy. It is the first European Union (EU) country to do so. Article 83, GDPR, provides that DPAs can issue to controllers and processors “effective, proportionate and dissuasive” administrative fines […]

Tags: ,

Spanish DPA publishes survey on device fingerprinting

  On February 2, 2019, the Spanish Data Protection Agency (AEPD) published a Survey on Device Fingerprinting. (“Survey“) “Device fingerprinting is the systematic gathering of information on a specific remote device with the aim of identifying, singling out and, thus being able to monitor its user’s activity for the purpose of profiling.” The data set […]

Tags: ,

Italian law defines blockchain and smart contracts

  On February 12, 2019, Law no. 12/2019, converting into law the so called Decreto Semplificazioni (“Simplification Decree”), Legislative Decree No. 135/2018 was published on the Italian Official Gazette no. 36/2019. Among other provisions, the Simplification Decree defines the concept of “technologies based on distributed ledgers (blockchain)” and “smart contracts”. “Technologies based on distributed ledgers” are technologies and […]

Tags:

European Commission’s update on GDPR after 8 months of its application (with list of member states’ harmonization laws)

  On January 25, 2015, the European Commission released a statement with an update about the effects of the adoption of Regulation 2016/679/EU (GDPR). See: Joint Statement by First Vice-President Timmermans, Vice-President Ansip, Commissioners Jourová and Gabriel ahead of Data Protection Day Since its entry into force on May 25, 2018, “citizens have become more […]

Tags:

CNIL publishes guidance on data transfer to third parties for electronic prospecting

On December 28, 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published several principles to help companies comply with the General Data Protection Regulation (GDPR) while transferring personal data to their commercial partners for electronic prospecting. Particularly, the CNIL highlights how: the data subject must give consent before the […]

Tags: ,

GDPR complaints against Google for tracking filed with seven EU DPAs

On November 27, 2018, the European Consumer Organisation (BEUC), informed that seven EU consumer organizations filed complaints against Google with their national data protection authorities (DPAs) for breaching the General Data Protection Regulation (GDPR) in relation to how the company tracks its users’ location. The complaints are based on new research (Every step you take) […]

Tags: ,

Italian DPA opines words “father-mother” contained in new bill could force disclosure of inaccurate and unnecessary data

Expressing an opinion on a proposed bill aiming at substituting –in a 2015 Ministerial decree, Ministero dell’Interno del 23 dicembre 2015 – the words “father“ and “mother” in place of “parents or legal guardians” on the application for a minor’s ID, the Garante per la Protezione dei Dati (the Italian Data Protection Authority) highlights how the […]

1 2 3 19