EDPS published revised eCommunications guidelines for EU institutions

On January 31, 2020 the EDPS published Revised Guidelines on personal data and electronic communications in the EU institutions (eCommunications guidelines). Recognizing that for “most people, electronic communications (eCommunications) such as email, internet and telephony, occupy a central role in their day-to-day professional and personal activities” and that “eCommunications are essential for organisations to operate […]

EDPB’s Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications

On  28 January 2020 adopted the European Data Protection Board (“EDPB”) adopted the Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. The EDPB states that “connected vehicles are generating increasing amounts of data, most of which can be considered personal data since they will relate to drivers […]

DPIA( Data Protection Impact Assessment) in the GDPR – Guidelines, “blacklists” and whitelists

The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others the “the risks of varying likelihood and severity for the rights and freedoms of natural persons” (article 24 (1)). In line with the risk-based approach embodied by the GDPR, carrying out a […]

Italian DPA sanctions cell phone carrier EUR 28 million over unlawful data processing

The Italian DPA (“Garante per la Protezione dei dati Personali”) issued a penalty of € 27,802,946 to cell phone carrier Tim Sp.A. for numerous and serious violations of data protection related to processing for marketing activities. The violations affected a few million people overall. From January 2017 to the first months of 2019, the DPA […]

(ECJ) Advocate General’s opinion in case Case C‑311/18 (so called “Schrems II”)

On December 19, 2019, ECJ’s Advocate General (“AG”)Saugmandsgaard Øe delivered his opinion in case Case C‑311/18. In particular, the AG notes that the request for a preliminary ruling submitted by the High Court of Ireland (‘the High Court’) relates to one of the forms that the “appropriate safeguards” may take: a contract between the exporter and the importer […]

Advocate General Campos Sánchez-Bordona (ECJ)opines the means and methods of combating terrorism must be compatible with the requirements of the rule of law

Opining in a case in which the ECJ is asked to interpret Directive on privacy and electronic communications to activities relating to national security and combatting terrorism on four references for a preliminary ruling [1] the Advocate General Campos Sánchez-Bordona clarifies the means and methods of combating terrorism must be compatible with the requirements of […]

Spanish DPA’s guidance on cookies

On Nov 8, 2019 also the Spanish DPA (Agencia espanola de proteccion de datos – AEPD) issued a guidance on cookies. The guidance (“Guia Sobre el Uso del las Cookies”, “Guia”) applies to cookies and other technologies. After an introduction, the Guia consists of 4 sections:1. ALCANCE DE LAS NORMAS (scope); 2 TERMINOLOGÍA Y DEFINICIONES […]