CJEU: in the references for preliminary rulings the national judge must anonymise the data On July 20, 2018, the Official Journal of the European Union (C 257/1) published a document in which the European Court of Justice (“ECJ”) clarifies to national courts and tribunals the essential characteristics of the preliminary ruling procedure and the […]
On May 22, 2018, Vermont passed a new data broker piece of legislation, Act No. 171 (H.764), which adopts a number of consumer protection provisions relating to data brokers, their data collection practices, and consumers’ right to opt out of them. It ensures that data brokers have adequate security standards, it aims at prohibiting the […]
On August 14, 2018, the Brazilian president signed the Lei Geral de Proteção de Dados Pessoais (“LGPD”) into law. The LGPD is a comprehensive data privacy regulation, which has many similarities with the GDPR, such as for example its broad scope of application, which includes processing activities conducted wholly outside of Brazil, but affecting or […]
On May 22, 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority (DPA), prohibited a company offering a comparison service for light, gas, mobile line, insurance, mortgages (and other services) on its website (Company) to process for marketing and sales purposes the data collected through a pop-up on its website. The […]
On May 16, 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority (DPA), authorized the transfer of personal data using Binding Corporate Rules, BCR, approved by May 24, 2018. What is BCR. BCRs are a tool to allow the transfer of personal data among branches belonging to the same multinational company […]
Informazionefiscale.it reported an interesting interview with Marco Menegazzo, commander of the Special Privacy Unit of the Italian Guardia di Finanza, who spoke during the Privacy Day Forum held on May 25, 2018, and which dealt with privacy, sanctions and checks under the GDPR. Which checks will be carried out by the Italian authority under the GDPR? […]
On June 5, 2018, the European Court of Justice (CJEU), issued its preliminary ruling in C‑210/16, opining on the definition of data controller, applicable national law, and jurisdiction under EU data protection law according to Directive 95/46/EC. According to the CJEU’s judgement, EU companies that have been advertising through Facebook can be considered data […]
The CNIL, the French Data Protection Authority, has made available a software update to carry out a data protection impact assessment (DPIA). The software update can be downloaded at https://www.cnil.fr… The corresponding Italian version has been developed with the Garante per la protezione dei dati personali. See www.garanteprivacy.it… For more information on how […]
In its plenary meeting held in April 2018, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR) and adopted several key documents for the preparation of its application on the 25th of May 2018 such as the guidelines on consent and the guidelines on transparency. […]
The scandal of Cambridge Analytica caused several consequences for Facebook in Europe. In the United Kingdom, the Information Commissioner (ICO) is investigating the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors by 30 organizations, including Facebook. See here. The Working Party 29(WP29) created a Social Media Working Group to develop a […]