On October 4, 2018, the European Parliament adopted the proposed EU Regulation on the Free Flow of Non-Personal Data in the European Union. The Regulation aims at removing obstacles to the free movement of non-personal data within the European Union. The Regulation does not cover data mobility outside the EU. The approved Regulation does not […]
On October 16, 2018, the European Union Blockchain Observatory and Forum published a thematic report on the Blockchain and the GDPR (“Report”). The report includes the input of a number of different stakeholders and sources. The report aims at answering the question of whether GDPR compliant blockchain is possible. The paper highlights a fundamental point: […]
In August, the FTC took action against false claims of participating to the EU-US Privacy Shield Framework. These are the first cases addressing the Privacy Shield Framework introduced on July 12, 2016. Allegedly, the companies under investigation started the application for the EU-U.S. Privacy Shield but never completed it; yet they falsely claimed to be […]
The EDPB adopted opinions on the draft lists that several supervisory authorities issued regarding he processing operations subject to the requirement of a data protection impact assessment (DPIAs, according to Article 35.4 GDPR). This power of EDPB is pursuant to Article 63, Article 64 (1a), (3) – (8) and Article 35 (1), (3), (4), (6) […]
After only three months from its approval the California Consumers Privacy Act (CCPA) was amended. On September 23, 2018 Senate Bill 1121 was signed into law. The legislation, which takes effect immediately, amends the CCPA, which was passed on June 2018. Among other things, the amendment: – clarifies the definition of “personal information”, explaining that it […]
Aon and DLA Piper released a “price of data security” report on where GDPR’s fines are generally insurable. According to the guide, only Finland and Norway allow insurance for this type of fines. In 20 out of 30 jurisdictions, GDPR fines do not seem insurable (like in UK, France, Italy and Spain), and in the […]
On September 20, 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it reached settlement with several medical centers after they allegedly compromised patients’ protected health information (PHI) by inviting film crews on premises to film an ABC’s television documentary series, without first obtaining authorization from patients. According to […]
On July 6, 2018, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served what looks like the first enforcement notice regarding the processing of UK individuals’ personal data by a nonresident organization. The notice was directed to Aggregate IQ (AIQ), a digital advertising, web and software development company based in Canada. […]
On September 19, 2018, Legislative Decree n. 101/2018 harmonizing the Italian privacy law with the General Data Protection Regulation (GDPR) entered into force. Legislative Decree was published on the Official Italian Gazette (Gazzetta ufficiale n. 205 04-09-2018) on September 4, 2018. More on the Legislative Decree and the Italian Privacy Code (Legislative Decree 196/2003) is available […]
On September 4, 2018, Legislative Decree n. 101/2018 harmonizing the national privacy law with the General Data Protection Regulation (GDPR) was published on the official Italian journal (Gazzetta ufficiale n. 205 04-09-2018). The Legislative Decree does not abrogate the Italian Privacy Code (Legislative Decree 196/2003), which therefore remains in force, but that Code is harmonized with […]