Bahrain. Bahrain enacted Law No. 30, 2018, the law protecting personal data (Data Protection Law), which goes into force on August 1, 2019. Bahrain has several other laws with provisions relating to data protection, including: Law No. 16, 2014, regarding the Protection of Information and State Documents; Law No. 2, 2017, for Ratifying the Arab Agreement in Combating […]
On April 9, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served a monetary penalty notice under section 55A of the Data Protection Act 1998 (DPA) of around $ 520,000. The fined company (Bounty) shared the personal data of over 14 million individuals to a number of organizations including credit reference […]
On March 25, 2019, Vienna’s higher Regional Court (Oberlandesgericht Wien) ruled that “every citizen can not only file a complaint with the data protection authority, but also submit a lawsuit in courts.” See here. The claims is complicated and concerns Facebook’s breach of EU privacy laws. See here for more info. The admissibility of […]
Update: In October 2019, the European Court of Justice held that in order to store cookies on user devices, the users must actively consent and that pre-checked checkbox that users must actively deselect is not a valid form of consent. The European Court of Justice also stated that all types of cookies require active consent, […]
On January 10, 2019, the Italian Garante per la Protezione dei Dati Personali, the Italian data protection authority, DPA, released an opinion according to which the deceased continues to enjoy the protections provided for by the data protection legislation. In a case of alleged malpractice, an individual asked a healthcare company to allow access […]
Regulation (EU) 2018/1807 of 14 November 2018, which deals with “non personal data” in the framework of the EU’s digital single market strategy; it aims at removing obstacles to data mobility and the internal single market. In particular, it prohibits data localization requirements by place EU Member States in point of storage or processing of non-personal data, […]
On February 2, 2019, the Spanish Data Protection Agency (AEPD) published a Survey on Device Fingerprinting. (“Survey“) “Device fingerprinting is the systematic gathering of information on a specific remote device with the aim of identifying, singling out and, thus being able to monitor its user’s activity for the purpose of profiling.” The data set extracted […]
On February 28, 2019, Thailand’s National Legislative Assembly passed the Personal Data Protection Act (PDPA). According to this source, the PDPA will be signed and endorsed by the monarch, and will then be published in the Government Gazette before to enter into force later this year. This article explains that the legislative text includes […]
On February 12, 2019 the European Data Protection Board (EDPB) warned that in the absence of an agreement between the EEA and the UK (no-deal Brexit), the UK will become a third country from 00.00 am CET on 30 March 2019. The EDPB provides 5 steps organizations that transfer data to the UK should take […]
On December 19, 2018, Advocate General Bobek, published his opinion in case C-40/17, deeming that anyone who enters the Facebook “Like” button on his website can be considered a joint controller. In this case, a German fashion online retailer embedded a Facebook’s ‘Like’ button in its website. As a result, when users landed on the […]