UK DPA fined “parenting club” company for violation of the principle of “fairness” in processing

  On April 9, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served a monetary penalty notice under section 55A of the Data Protection Act 1998 (DPA) of around $ 520,000. The fined company (Bounty) shared the personal data of over 14 million individuals to a number of organizations including credit reference […]

Washington State privacy act moves ahead

  On Friday, March 22, 2019,  the Washington State House of Representative’s Committee on Innovation, Technology and Economic Development held its first public hearing on the proposed privacy legislation, SB 5376. The Washington privacy act, SB 5376, was introduced January 17, 2019 and passed its third reading in the Senate with 46 votes (against 1) on […]

Dutch DPA is the first European DPA to publish fining policy under GDPR

On March 14, 2019, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, DPA) published on Netherlands Official Gazette its own General Data Protection Regulation (GDPR) fining policy. It is the first European Union (EU) country to do so. Article 83, GDPR, provides that DPAs can issue to controllers and processors “effective, proportionate and dissuasive” administrative fines […]

Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union

Regulation (EU) 2018/1807 of 14 November 2018, which deals with “non personal data” in the framework of the EU’s digital single market strategy; it aims at removing obstacles to data mobility and the internal single market. In particular, it prohibits data localization requirements by place EU Member States in point of storage or processing of non-personal data, […]

Spanish DPA publishes survey on device fingerprinting

  On February 2, 2019, the Spanish Data Protection Agency (AEPD) published a Survey on Device Fingerprinting. (“Survey“) “Device fingerprinting is the systematic gathering of information on a specific remote device with the aim of identifying, singling out and, thus being able to monitor its user’s activity for the purpose of profiling.” The data set […]

Bulgaria adopts GDPR harmonization law

On February 20, 2019, Bulgaria adopted the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) harmonization law. The law amends and supplements the previous data protection act from 2002. It also transposes the EU Law Enforcement Directive (Directive (EU) 2016/680). The new Law on Personal Data Protection (LASLPDP) entered into force on March 2, 2019 […]

German Antitrust ordered Facebook to stop “combining” data of German users without voluntary consent

  On February 7, 2019, the Bundeskartellamt, the German antitrust authority, prohibited Facebook from combining data concerning German Facebook users gathered also from third party websites when the user didn’t give voluntary consent to this practice. The decision concerns all private users of Facebook based in Germany. According to the Bundeskartellamt’s decision, until now, individuals […]