On May 20, 2019, the Corte di Cassazione, the Italian Supreme Court, clarified that if the damage is not proven, there is no crime for the violation of privacy under the Italian Privacy Code (Article 167, Legislative Decree 196/2003). In this case, a father and a son were involved in a civil proceeding. The father […]
On January 29, 2019, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) imposed a fine of 50 million Euros on Google LLC under the EU General Data Protection Regulation (GDPR) for failure to (i) provide information to users configuring their Android mobile device and creating a Google account in breach of […]
On April 25, 2019, the Nigeria Data Protection Regulation 2019 entered into force. The Regulation was issued by the National Information Technology Development Agency, NITDA, and it mirrors the EU General Data Protection Regulation (GDPR). The Regulation’s scope of application is quite broad. It applies to all transactions intended for the processing of personal data […]
On May 8, 2019, the Brussel’s Court of Appeal referred certain questions to the Court of Justice of the European Union (CJEU) to ensure that the Belgian Data Protection Authority (DPA) can pursue the case against Facebook also after the GDPR entered into force. In particular, the questions is whether the one-stop shop mechanism (which […]
On April 16, 2019, North Carolina House of Representative introduced H.B. 904. The Bill amends the Identity Theft Protection Act. Among the many changes introduced, the Bill: amends the definition of security breach to include any incident of “unauthorized access to or acquisition of (was, access to and acquisition of) unencrypted and unreacted records or […]
On April 17, 2019, the EU Parliament adopted the proposed EU Regulation on platform-to-business trading practices. The text adopted by the European Parliament still has to be formally approved by the Council of the European Union. Once approved, the Regulation will enter into force 12 months after its publication in the Official Journal. […]
On April 22, 2019, the House of Representatives modified chapter 19.255 RCW to amend its data breach notification law. The definition of “data breach” does not change. The security of the system means “unauthorized acquisition of data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.” But HB […]
On April 16, 2019, the European Parliament informed that it decided to create the Common Identity Repository (CIR). The CIR will interconnect a series of data systems (listed below) into a gigantic biometric database containing data about EU and non-EU citizens to improve data exchange between EU information systems to manage borders, security and migration. […]
On April 24, 2019, Facebook published its financial results for the first quarter, where it estimated a probable loss and recorded an accrual of $3 billion in connection with an investigation by the Federal Trade Commission (FTC). The investigation could result in a penalty of up to 5 billion. The FTC began its investigation into […]
On November 9, 2019, the European Data Protection Board (EDPB) adopted guidelines on the GDPR’s lawful basis for processing. In particular, the EDPB provided guidance on the “contractual necessity basis for processing personal data in the context of online services.” Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context […]