Privacy Shield certification does not mean compliance needs to extend beyond European data

When a US organization decides to self-certify under the EU-U.S. Privacy Shield, compliance with the Privacy Shield principles becomes compulsory. This may be a problem for many US organizations because certain processing activities that they perform – which are perfectly lawful under American law – are unlawful from a Privacy Shield perspective. Why? And what to do? Let’s step […]


Who should you appoint as a DPO? The legal/tech/organizational savvy unicorn?

Article 37(5) General Data Protection Regulation (GDPR) does not list with particularity the professional skills that should be considered when designating the Data Protection Officer (“DPO”). It provides: The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability […]


WP29 issues guidelines on data portability, DPO, and lead authority (and lays foundation for much more)

On December 13, 2016, the EU Article 29 Data Protection Working Party (“WP29”) dealt with several critical matters with regard to the implementation of the General Data Protection Regulation (GDPR) and the Privacy Shield. It also dealt with the enforcement measures on cases having a cross-border effect. As for the GDPR’s implementation, the WP29 importantly adopted: […]


European cloud providers’ association issues data protection code of conduct

On September 27, 2016, the Cloud Infrastructure Services Providers of Europe (CISPE) announced the publication of the Data Protection Code of Conduct for Cloud Infrastructures Services. The CISPE comprises several major European cloud infrastructure providers. The code of conduct provides that the certified cloud infrastructure providers: will process and store data exclusively within the EU/EEA […]


Privacy notices, transparency and control – ICO’s good practices

On October 25, 2016, the UK Information Commissioner’s Office (ICO) issued a revised code of practice and checklist on privacy notices, transparency and control. The code helps organizations required by the Data Protection Act 1998 (DPA) to “collect information about people, whether directly or indirectly” to provide transparent and accessible “privacy notices” to data subjects. The […]


The privacy problem of cookie-free tracking methods: device fingerprinting

Cookie regulation in Europe is quite strict. In a previous blog we discussed the cookie law of France, Germany, Italy and the UK, focusing on information to users, user consent and consequences of violations. However, cookies are not the only method to track users. There are cookie-free tracking methods that are similarly invasive, for example […]

EU Data Protection – glossary

Thanking CORDERY, we gladly publish the EU Data Protection – glossary (originally published by Cordery at http://www.corderycompliance.com/eu-data-protection-regulation-glossary/). We’ve put together this glossary to help explain some of the terms used in data protection and in the GDPR. If there’s a term you think we should add, let us know. Agencia de Protección de Datos = the Spanish […]
