ICO publishes guidance on cookies

On July 3, 2019, the UK Data Protection Authority, the Information Commissioner's Office (ICO), published new guidance on the use of cookies. The guidance explains what cookies and similar technologies are, the applicable rules, and how they relate to the General Data Protection Regulation (GDPR) as well as how to comply with the cookie rules. […]

ICO’s notice of intent to issue record fine for Marriott’s data breach / update

UPDATE: The ICO was asked for the status of these proposed penalties on Nov 12, 2019. The ICO issued a response, ICO Disclosure Log – Response ENQ0889841: “[Marriott] made representations to the Information Commissioner regarding these notices in accordance with Schedule 16, paragraph 3(3) of the Data Protection Act 2018. The Information Commissioner is considering those representations in deciding […]

Update on Cambridge Analytica scandal: Italian DPA fined Facebook in the summer of 2019

On June 28, 2019, the Garante per la protezione dei dati personali, the Italian Data Protection Authority, issued a EUR 1 million fine against Facebook following the scandal of Cambridge Analytica. See here for more info. According to the Italian DPA, 57 Italian users downloaded the incriminated application through the Facebook login function. This […]

NY A.G. settles with online retailer Bombas, which failed to give notice of a data breach involving credit card details

On June 6, 2019, Attorney General Letitia James announced a $65,000 settlement with online retailer Bombas LLC for failing to provide notice of a payment card data breach that affected 39,561 consumers. In 2014, unauthorized intruders inserted malicious software code into the ecommerce platform supporting Bombas’ website to steal payment card information. Intruders accessed customer […]

Regulation (EU) 2019/881 sets forth a comprehensive set of measures to face increased cybersecurity challenges

On June 7, 2019, the Official Journal of the European Union (OJEU) published Regulation (EU) 2019/881, the EU Cybersecurity Act. The EU Cybersecurity Act aims at ensuring the proper functioning of the internal market while achieving a high level of cybersecurity, cyber resilience and trust within the EU. It lays down: (a) the […]

The dissemination of sensitive data for defensive purposes doesn’t violate privacy without actual damages, Italian Supreme Court held

  On May 20, 2019, the Corte di Cassazione, the Italian Supreme Court, clarified that if the damage is not proven, there is no crime for the violation of privacy under the Italian Privacy Code (Article 167, Legislative Decree 196/2003). In this case, a father and a son were involved in a civil proceeding. The father […]

CNIL found the one-stop-shop mechanism didn’t apply to Google and issued 50 million Euro fine in relation to Android phone

  On January 29, 2019, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) imposed a fine of 50 million Euros on Google LLC under the EU General Data Protection Regulation (GDPR) for failure to (i) provide information to users configuring their Android mobile device and creating a Google account in breach of […]

Nigeria’s extensive data protection law is in force

On April 25, 2019, the Nigeria Data Protection Regulation 2019 entered into force. The Regulation was issued by the National Information Technology Development Agency, NITDA, and it mirrors the EU General Data Protection Regulation (GDPR). The Regulation’s scope of application is quite broad. It applies to all transactions intended for the processing of personal data […]