Spanish DPA’s guidance on cookies

On Nov 8, 2019 also the Spanish DPA (Agencia espanola de proteccion de datos – AEPD) issued a guidance on cookies. The guidance (“Guia Sobre el Uso del las Cookies”, “Guia”) applies to cookies and other technologies. After an introduction, the Guia consists of 4 sections:1. ALCANCE DE LAS NORMAS (scope); 2 TERMINOLOGÍA Y DEFINICIONES […]

EDPS Guidelines on controller, processor, and joint controllers: an overview

On November 7, 2019, the European Data Protection Supervisor (EDPS) [i] issued the Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725 (“Guidelines”). As a background, Regulation (EU) 2018/1725[ii] (“Regulation”) applies to the processing of personal data by the Union institutions, bodies, offices and agencies. The Guidelines aim at providing […]

ICO’s Guidance on legitimate interests

This guidance aims at helping controllers “to decide when to rely on legitimate interests as … basis for processing personal data and when to look at alternatives.” The entire Guidance is helpful but particularly helpful are the sections: “Are there cases when legitimate interests is likely to apply?” The GDPR highlights some processing activities where […]

ICO’s opinion on live facial recognition by enforcement authorities

On October 31, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), published an opinion on live facial recognition (“LFR”) by enforcement authorities: The use of live facial recognition technology by law enforcement in public places (“Opinion”) The ICO points out that a statutory and binding code of practice issued by government, modelled on […]

Google “Safari Workaround” action’s “block” overturned by UK Court of Appeal

On October 2, 2019, the UK Court of Appeal unanimously overturned a block on a “class-action” lawsuit (technically a “collective action”) brought by a veteran on behalf of millions iPhone users against  Google for the latter’s use of “Safari Workaround” . Now the case can be heard. The lawsuit alleges that Google secretly tracked some […]

EDPB’s 14th Plenary Session

On October 8th and 9th, 2019, the European Data Protection Board (“EDPB“), which is the EU body in charge of the application of the General Data Protection Regulation (“GDPR) and consists of a representative of each EU DPA and of the European Data Protection Supervisor (EDPS), met for its fourteenth plenary session and: – adopted the final […]

The agenda of EDPB’s Thirteenth Plenary Meeting

The EDPB (European Data Protection Board) made public its agenda for the Thirteenth Plenary Meeting of the 10 September 2019. The agenda includes a tribute to Giovanni Buttarelli, former European Data Protection Supervisor and one of the most respected figures in data protection, after his death last month. The agenda includes a discussion on the guidelines on data subject […]