Search

The scandal of Cambridge Analytica caused several consequences for Facebook in Europe. In the United Kingdom, the Information Commissioner (ICO) is investigating the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors by 30 organizations, including Facebook. See here. The Working Party 29(WP29) created a Social Media Working Group to develop a […]

The Information Commissioner’s Office ICO published a resourceful page concerning the right to data portability. The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Among the answers to several data portability related questions, the page contains a checklists for preparing for and complying with requests […]

According to Reuters, Facebook is modifying its terms and conditions so that the data of around one and a half billion of its users will be processed by Facebook USA rather than Facebook Ireland. As of today, the data of the users of Africa, Asia, Oceania and Latin America are processed by Facebook Ireland, thus […]

The E.D. Michigan held that despite European data protection laws that might restrict disclosure of personal information, a US litigant must comply with federal discovery rules even if that means producing documents stored in the EU.  Under EU Directive 46/1995 and the national implementation legislation,[i] personal information can only be processed according to privacy rules. Disclosure in […]

On March 22, 2018, the Information Commissioner Officer (ICO) – the U.K. Data Protection Authority – published a detailed guidance for UK organizations on data protection impact assessments (DPIAs) under the GDPR to help companies identify and minimize the data protection risks of projects. The content of this detailed guidance is subject to public consultation, […]

In its plenary meeting held in February 2018, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). Among other documents, WP29 also adopted the final version of its guidelines on data breach notification and guidelines on automated individual decision-making and profiling. Moreover, the plenary […]

The UK Data Protection Regulator, the Information Commissioner’s Office (ICO), published yesterday new guidance on conducting Data Protection Impact Assessments (DPIAs) under the General Data Protection Regulation (GDPR). The guidance follows earlier guidance from the Article 29 Working Party (WP29). This note uses some technical data protection terms which are explained in our Glossary here. […]

On September 29, 2017 the French Data Protection Authority (CNIL) published a guide for data processors, Guide du sous-traitant, in French, to aid data processor implementing the obligations set forth by the new EU General Data Protection Regulation (“GDPR”). More on the CNIL’s guide is available (in French) at https://www.cnil.fr… For more information on EU data protection’s state of […]

In an early effort to adapt Italian privacy law to the GDP, in November 2017, a new Article 110bis was approved for introduction in the Italian Privacy Code, redrafting the discipline concerning the re-use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that […]

On February 9, 2018, Working Party 29 (WP29) published the Working document on Adequacy Referential (wp254). The paper provides guidance to the European Commission and the WP29 for the assessment of the level of data protection in third countries and international organizations by “establishing the core data protection principles that have to be present in […]