On November 7, 2019, the European Data Protection Supervisor (EDPS) [i] issued the Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725 (“Guidelines”). As a background, Regulation (EU) 2018/1725[ii] (“Regulation”) applies to the processing of personal data by the Union institutions, bodies, offices and agencies. The Guidelines aim at providing […]
This guidance aims at helping controllers “to decide when to rely on legitimate interests as … basis for processing personal data and when to look at alternatives.” The entire Guidance is helpful but particularly helpful are the sections: “Are there cases when legitimate interests is likely to apply?” The GDPR highlights some processing activities where […]
On October 8th and 9th, 2019, the European Data Protection Board (“EDPB“), which is the EU body in charge of the application of the General Data Protection Regulation (“GDPR) and consists of a representative of each EU DPA and of the European Data Protection Supervisor (EDPS), met for its fourteenth plenary session and: – adopted the final […]
Europeans have the right to disappear from a search engine’s results under certain conditions. Directive 46/1995 as interpreted by Google Spain judgment (Case C-131/12) and GDPR Article 17. This is the so called “right to be forgotten” or right of erasure (also known as de-referencing or de-listing). The Court of Justice of the European Union […]
On June 20, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), published an update report into adtech and real time bidding. The ICO is waiting for the adtech sector response to the report and will then undertake a “further industry review in six months’ time”. The report focuses on Real-Time Bidding (RTB). […]
On July 17, 2019, the European Data Protection Supervisor (EDPS) adopted and published a list of the types of processing operations that require a data protection impact assessment (DPIA) under Article 39 of Regulation (EU) 2018/1725 for the EU institution. The EDPS also adopted a list of those processing that at first sight do not […]
On July 10, 2019, the European Data Protection Board (EDPB) adopted Guidelines 3/2019 on processing of personal data through video devices. Objective of the guidelines is to provide guidance on how to apply the General Data Protection Regulation, GDPR, in relation to the processing of personal data through video devices. The Guidelines provide several […]
On July 3, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), published a new guidance on the use of cookies. The guidance explains what cookies and similar technologies are, the applicable rules, and how they relate to the General Data Protection Regulation (GDPR) as well as how to comply with the cookie rules. […]
UPDATE ICO was requested the status of this proposed penalties on Nov 12, 2019. ICO issued a response ICO Disclosure Log – Response ENQ0889841: “[Marriott] made representations to the Information Commissioner regarding these notices in accordance with Schedule 16, paragraph 3(3) of the Data Protection Act 2018. The Information Commissioner is considering those representations in deciding […]
On October 8, 2018, the Italian Garante per la Protezione dei Dati Personali, the Italian data protection authority, DPA, released instructions on how to maintain a record of processing activities, as well as a sample document compliant with Regulation (EU) no. 679/2016, the General Data Protection Regulation, GDPR. The record – to be maintained by […]