On July 12, 2018, the German federal court (Bundesgerichtshof, BGH) overturned the judgment of the Berlin’s highest state court (Kammergerichts), which had denied the parents’ access to their daughter’s Facebook account. The case involved a mother trying to access the deceased 15-year-old daughter’s Facebook account in order to understand the cause of death. With its […]
CJEU: in the references for preliminary rulings the national judge must anonymise the data On July 20, 2018, the Official Journal of the European Union (C 257/1) published a document in which the European Court of Justice (“ECJ”) clarifies to national courts and tribunals the essential characteristics of the preliminary ruling procedure and the […]
On May 22, 2018, Vermont passed a new data broker piece of legislation, Act No. 171 (H.764), which adopts a number of consumer protection provisions relating to data brokers, their data collection practices, and consumers’ right to opt out of them. It ensures that data brokers have adequate security standards, it aims at prohibiting the […]
On August 20, 2018, the Information Commissioner Officer, ICO – the British data protection authority – fined Lifecycle Marketing (Mother and Baby) Ltd, aka Emma’s Diary, £140,000 for failing to comply with the data protection ‘fairness’ principle. The principle imposes a transparency duty requiring data controllers to provide data subjects with information about the purposes […]
On August 14, 2018, the Brazilian president signed the Lei Geral de Proteção de Dados Pessoais (“LGPD”) into law. The LGPD is a comprehensive data privacy regulation, which has many similarities with the GDPR, such as for example its broad scope of application, which includes processing activities conducted wholly outside of Brazil, but affecting or […]
On June 28, 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority (DPA), rendered a decision reminding that privacy must be protected from the design phase of a product or service. With its decision, the Italian DPA prohibited the processing of data to the company that installed the geo-localization system on […]
On July 10, 2018, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, issued the annual report on its activity for 2017. The English version of the report is not yet available. However, we extracted some numbers for you from the Italian text. Overall, there is a decrease in the number of […]
On June 28, 2018, California passes Bill 375 (Chau, Hertzberg, Dodd), which will provide Californians with fundamental new consumer privacy rights. In summary, the broad private right of action in the initiative covers instances of data breach – violations are subject to enforcement by the Attorney General – the right to know all a consumer’s […]
On May 10, 2018, the new regulations on the Security of Network and Information Systems came in to force in the UK. The new regulation is called the Network and Information Systems Regulations 2018 – the NIS regime. The NIS follows the adoption of the EU Cybersecurity Directive according to which “Operators of essential services” (OESs) […]
In June 2018 the Irish Data Protection Commission (DPC) published a draft list of processing operations for which it is mandatory to conduct a data protection impact assessment (DPIA). The list is intended to encompass both national and cross-border data processing under Article 35 of the General Data Protection Regulation (GDPR). With a view to […]