ICO publishes updated report into adtech and real time bidding

  On June 20, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), published an update report into adtech and real time bidding. The ICO is waiting for the adtech sector response to the report and will then undertake a “further industry review in six months’ time”. The report focuses on Real-Time Bidding (RTB). […]

Tags: ,

ICO publishes draft data sharing code of practice and opens consultation

  On July 16, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), opened a consultation on a data sharing code of practice. The consultation closes on September 9, 2019. The data sharing code is a practical guide for controllers sharing personal data. It gives guidance on the applicable law and provides good […]

Tags: ,

CNIL adopts new guidance on cookies

  On July 4, 2019, the Commission Nationale de l’informatique et des Libertés (CNIL), the French Data Protection Authority (DPA) adopted new guidelines on cookies and other tracking devices (“Guidelines”). According to the press release, the scrolling down or swiping through a website or application is no longer viewed as a valid expression of consent to […]

Tags: ,

California federal court holds it can order production of evidence even though it may violate the GDPR

On February 14, 2019, the United States District Court for the Northern District of California ordered a United Kingdom citizen, party to a U.S. litigation, to produce in unredacted form e-mails containing personal information that could be protected under the GDPR. By way of background. In this patent infringement suit, Plaintiff owned patents involving computer […]

Tags: ,

Microsoft cloud banned from Hessian (Germany) schools due to data protection concerns

  On July 9, 2019, the Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI), the Hessian Commissioner for Data Protection and Freedom of Information, banned the use of Office 365 from Hessian schools because its cloud solution is not compliant with EU individuals’ data protection rights. The HBDI’s concern is whether schools – acting as a […]

Tags: ,

ICO’s notice of intent to issue record fine for Marriott’s data breach / update

    UPDATE ICO was requested the status of this proposed penalties on Nov 12, 2019. ICO issued a response ICO Disclosure Log – Response ENQ0889841: “[Marriott] made representations to the Information Commissioner regarding these notices in accordance with Schedule 16, paragraph 3(3) of the Data Protection Act 2018. The Information Commissioner is considering those representations in […]

Tags: ,

Italian DPA’s guidance on how to record processing activities

On October 8, 2018, the Italian Garante per la Protezione dei Dati Personali, the Italian data protection authority, DPA, released instructions on how to maintain a record of processing activities, as well as a sample document compliant with Regulation (EU) no. 679/2016, the General Data Protection Regulation, GDPR. The record – to be maintained by […]

Tags: ,

Reshaping of civil money penalties penalties for HIPAA violations

    On April 30, 2019, the Department of Health and Human Services (HHS) announced that it would be using its discretion in how it applies HHS regulations concerning the assessment of Civil Money Penalties (CMPs) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as such provision was amended by the Health […]


1 2 3 27