On 28 January 2020 adopted the European Data Protection Board (“EDPB”) adopted the Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. The EDPB states that “connected vehicles are generating increasing amounts of data, most of which can be considered personal data since they will relate to drivers […]
The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others the “the risks of varying likelihood and severity for the rights and freedoms of natural persons” (article 24 (1)). In line with the risk-based approach embodied by the GDPR, carrying out a […]
The Italian DPA (“Garante per la Protezione dei dati Personali”) issued a penalty of € 27,802,946 to cell phone carrier Tim Sp.A. for numerous and serious violations of data protection related to processing for marketing activities. The violations affected a few million people overall. From January 2017 to the first months of 2019, the DPA […]
On December 19, 2019, ECJ’s Advocate General (“AG”)Saugmandsgaard Øe delivered his opinion in case Case C‑311/18. In particular, the AG notes that the request for a preliminary ruling submitted by the High Court of Ireland (‘the High Court’) relates to one of the forms that the “appropriate safeguards” may take: a contract between the exporter and the importer […]
Opining in a case in which the ECJ is asked to interpret Directive on privacy and electronic communications to activities relating to national security and combatting terrorism on four references for a preliminary ruling [1] the Advocate General Campos Sánchez-Bordona clarifies the means and methods of combating terrorism must be compatible with the requirements of […]
Update: On September 9, 2019, the Department of Health and Human Services’ Office for Civil Rights settles its first HIPAA violation case under its 2019 Right of Access Initiative. Bayfront Health St. Petersburg (Bayfront), a Florida hospital, paid $85,000 to OCR and adopted a corrective action plan to settle a potential violation of the right […]
On May 23, 2019, Nevada’s Senate approved NV SB 220; an act prohibiting website operators collecting information from consumers from making any sale of certain information about a consumer-like address, email, SSN or phone number – if so directed by the consumer. SB 220 modifies the Nevada Privacy of Information Collected Online (NPICIC) law (NRS […]
On Nov 8, 2019 also the Spanish DPA (Agencia espanola de proteccion de datos – AEPD) issued a guidance on cookies. The guidance (“Guia Sobre el Uso del las Cookies”, “Guia”) applies to cookies and other technologies. After an introduction, the Guia consists of 4 sections:1. ALCANCE DE LAS NORMAS (scope); 2 TERMINOLOGÍA Y DEFINICIONES […]
On November 12 and 13, 2019, the European Data Protection Board (EDPB) met in its fifteenth plenary session. The EDPB discussed important topics. Adoption of EU-US Privacy Shield Third Annual Review Report. After the Third Annual Joint Review of the Shield, the EDPB adopted its report. The EDPB appreciates the improvements by the US Authorities[i] […]
The Personal Data Protection Bill has been listed to be tabled in the Winter Session of the Indian Parliament which will begin on November 18, as published on Lok Sabha website. This Bill applies to the processing of consumer data by corporate entities. The businesses will be required to obtain consent from consumers to use […]