Francesca Giannoni-Crystal, Federica Romanelli, The key aspects of the GDPR, i.e.a step to implement the European Digital Single Market Strategy

To establish common rules on data protection and to help implement the Digital Single Market Strategy, the European Union set forth two instruments to reform the 1995 data protection rules (see here): the General Data Protection Regulation (“GDPR”) the Data Protection Directive to ensure cross-border cooperation and protect personal data in the police and criminal […]

Tags:

The key aspects of the GDPR, i.e.a step to implement the European Digital Single Market Strategy

To establish common rules on data protection and to help implement the Digital Single Market Strategy, the European Union set forth two instruments to reform the 1995 data protection rules (see here): the Gen eral Data Protection Regulation (“GDPR”) the Data Protection Directive to ensure cross-border cooperation and protect personal data in the police and […]

Tags:

WP29’s 2016 action plan for implementing GDPR (transition to European Data Protection Board among the priorities)

On February 2, 2016, Article 29 Working Party (WP29) released a statement containing “the 2016 action plan for the implementation of the General Data Protection Regulation (GDPR)” that will guide the implementation of the General Data Protection Regulation (GDPR). The document particularly offers guidance on the transition toward the European Data Protection Board (EDPB). In the GDPR, DPAs […]

Tags: ,

Illinois District court finds that improper collection and retention of face-scan measurements doesn’t constituted an injury-in-fact sufficient to meet Article III standing requirements

    On December 28, 2018, Google won summary judgment in a class action alleging that the company handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA). According to the District Court, “plaintiffs have not suffered an injury sufficient to establish Article III standing and their claims are dismissed.” In a (putative) class […]

Tags: , , ,

German subsidiary of H&M fined over €35 million ($41.3 million) for misuse of employees’ data

  A German subsidiary of H&M was fined over €35 million ($41.3 million) for violation of the GDPR in the use of its employees’ data. It was found that since 2014, H&M had been processing a considerable amount of data about its employees’ persona life (such as holiday experiences, family issues, religious beliefs, and illness […]

Tags: ,

Belgian DPA sanctions a controller for appointing as DPO the director of one of its departments

On 28 April 2020, the Belgian DPA sanction Proximus SA (previously Belgacom) for €50,000 on two basis:  non-cooperation under Article 31 of the GDPR and violation of Article 38(6) of the GDPR by appointing as DPO the director of one of its departments (Head of Compliance, Risk and Audit). The problem with the latter was conflict […]

Tags: ,

EDPS published revised eCommunications guidelines for EU institutions

On January 31, 2020 the EDPS published Revised Guidelines on personal data and electronic communications in the EU institutions (eCommunications guidelines). Recognizing that for “most people, electronic communications (eCommunications) such as email, internet and telephony, occupy a central role in their day-to-day professional and personal activities” and that “eCommunications are essential for organisations to operate […]

Tags: ,

(ECJ) Advocate General’s opinion in case Case C‑311/18 (so called “Schrems II”)

On December 19, 2019, ECJ’s Advocate General (“AG”)Saugmandsgaard Øe delivered his opinion in case Case C‑311/18. In particular, the AG notes that the request for a preliminary ruling submitted by the High Court of Ireland (‘the High Court’) relates to one of the forms that the “appropriate safeguards” may take: a contract between the exporter and the importer […]

Tags: ,

ECJ decisione in case C-136/17 (GC v CNIL) is not a complete victory for Google

On 24 September 2019 the Court of Justice of the European Union (ECJ) issued two decisions  concerning Google: Cases C-507/17 (Google v CNIL) and C-136/17 (GC v CNIL) . See comments to Case C-507/17 here. Apparently, both decisions are a success for Google. Not a complete success in Case C-507/17, however. And not a complete success […]

1 5 6 7 8 9 21