The aftermath of Cambridge Analytica’s scandal and other problems for Facebook in Europe

The scandal of Cambridge Analytica caused several consequences for Facebook in Europe. In the United Kingdom, the Information Commissioner (ICO) is investigating the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors by 30 organizations, including Facebook. See here. The Working Party 29(WP29) created a Social Media Working Group to develop a […]

Tags:

ICO’s data portability page

The Information Commissioner’s Office ICO published a resourceful page concerning the right to data portability. The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Among the answers to several data portability related questions, the page contains a checklists for preparing for and complying with requests […]

Tags: ,

US discovery rules will likely override your EU privacy obligation: Plan ahead!

The E.D. Michigan held that despite European data protection laws that might restrict disclosure of personal information, a US litigant must comply with federal discovery rules even if that means producing documents stored in the EU.  Under EU Directive 46/1995 and the national implementation legislation,[i] personal information can only be processed according to privacy rules. Disclosure in […]

ICO publishes Data Protection Impact Assessments (DPIAs) guidance

On March 22, 2018, the Information Commissioner Officer (ICO) – the U.K. Data Protection Authority – published a detailed guidance for UK organizations on data protection impact assessments (DPIAs) under the GDPR to help companies identify and minimize the data protection risks of projects. The content of this detailed guidance is subject to public consultation, […]

Tags: ,

WP29’s plenary meeting: final guidelines on breach notification and profiling

In its plenary meeting held in February 2018, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). Among other documents, WP29 also adopted the final version of its guidelines on data breach notification and guidelines on automated individual decision-making and profiling. Moreover, the plenary […]

Tags: ,

UK Data Protection Regulator publishes new guidance on Data Protection Impact Assessments

The UK Data Protection Regulator, the Information Commissioner’s Office (ICO), published yesterday new guidance on conducting Data Protection Impact Assessments (DPIAs) under the General Data Protection Regulation (GDPR). The guidance follows earlier guidance from the Article 29 Working Party (WP29). This note uses some technical data protection terms which are explained in our Glossary here. […]

Tags:

CNIL releases guide for data processors

On September 29, 2017 the French Data Protection Authority (CNIL) published a guide for data processors, Guide du sous-traitant, in French, to aid data processor implementing the obligations set forth by the new EU General Data Protection Regulation (“GDPR”). More on the CNIL’s guide is available (in French) at https://www.cnil.fr… For more information on EU data protection’s state of […]

Tags: ,

Scientific research in Italy may be slowed down by new data processing rules

In an early effort to adapt Italian privacy law to the GDP, in November 2017, a new Article 110bis was approved for introduction in the Italian Privacy Code, redrafting the discipline concerning the re-use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that […]

Tags: ,

Working document on Adequacy Referential (wp254)

On February 9, 2018, Working Party 29 (WP29) published the Working document on Adequacy Referential (wp254). The paper provides guidance to the European Commission and the WP29 for the assessment of the level of data protection in third countries and international organizations by “establishing the core data protection principles that have to be present in […]

Tags: ,

1 11 12 13 14 15 21