On November 29, 2017, the Working Party 29 (WP29) established a task force on the Uber data breach case. This task force, led by the Dutch DPA, will be composed of representatives from the French, Italian, Spanish, Belgian and German Data Protection Authorities (DPAs), as well as from the ICO and will coordinate the national […]
Tom O’Connor examines the similarities and differences in the requirements for the collection, use and protection of information subject to the U.S. eDiscovery rules and the treatment of personal data under the GDPR. The full text is available at https://www.ediscovery.co…
On November 29, 2017, the Supreme Court heard oral argument in an important privacy case. The Sixth Circuit held that the protection granted under the Fourth Amendment did not prevent the government to access business records from the defendants’ wireless carriers revealing the user’s location without a warrant. In Carpenter v. United States Timothy Carpenter and Timothy Sanders […]
Apps using face recognition cause some privacy concerns. The iPhone X’s front sensors scan 30,000 points to make a 3D model of users’ faces and then shares the faces’ maps with lots of apps. However, Apple spokesman Tom Neumayr said “We take privacy and security very seriously. This commitment is reflected in the strong protections […]
On October 22, 2017, a Portland resident filed a lawsuit before the Portland District Court seeking class-action status against Uber over a 2016 data breach. According to the complaint, Uber announced in November 2017 a data breach that occurred in late 2016 and that compromised the personal information of 57 million Uber users. Rather than […]
On December 12, 2017, a new Article 110bis of the Italian Privacy Code came into force, redrafting the discipline concerning use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that might have harmful consequences for scientific developments. First, it restricts the possibility […]
As announced (see here), on October 3, 2017, the Article 29 Working Party(WP29) published its Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR). Once a GDPR infringement is established, the competent supervisory authority (Article 5 1 GDPR) must identify the most appropriate corrective measure(s) to address the […]
On May 2018, Regulation (EU) 2016/679, on the Protection of Natural Persons with Regard to the Processing of personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (General Data Protection Regulation, in short “GDPR”), will enter into force. The good thing is that starting from that date, the EU will […]
On October 16, 2017, the U.S. Supreme Court accepted the U.S. government’s request to review a previous appeals court ruling in favor of Microsoft, preserving service providers from surrendering information stored abroad. The U.S.’s highest court had to decide if companies have a right to refuse to comply with data disclosure demands made by […]
At its plenary meeting held in October 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so called General Data Protection Regulation (GDPR). WP29 approved the final version of the DPIA guidelines Guidelines on Data Protection Impact Assessment after having examined the comments received during the public consultation which ended […]