On February 28, 2019, Thailand’s National Legislative Assembly passed the Personal Data Protection Act (PDPA). According to this source, the PDPA will be signed and endorsed by the monarch, and will then be published in the Government Gazette before to enter into force later this year. This article explains that the legislative text includes […]
Below a list of the harmonization laws enacted by each EU member state. Austria: the Datenschutz-Anpassungsgesetz 2018, the “Datenschutzgesetz“. Belgium: Framework Act (Dutch) Framework Act (French), DPA Act (Dutch), DPA Act (French) Croatia: Zakona O Provedbi Opće Uredbe O Zaštiti Podataka, the Act on Implementation of the General Data Protection Regulation (Official Gazette no. 42/2018) Cyprus: Law n 125(I)/2018 Czech […]
In February 2019 there have been reports of violations of health data affecting thousands of patients in US medical centers. One of the major breaches affected 974,000 patients at the University of Washington clinic (see here), while the other involved 326,000 users of UConn Health, a large medical center academic (see here). In both […]
On February 12, 2019 the European Data Protection Board (EDPB) warned that in the absence of an agreement between the EEA and the UK (no-deal Brexit), the UK will become a third country from 00.00 am CET on 30 March 2019. The EDPB provides 5 steps organizations that transfer data to the UK should take […]
On January 25, 2015, the European Commission released a statement with an update about the effects of the adoption of Regulation 2016/679/EU (GDPR). See: Joint Statement by First Vice-President Timmermans, Vice-President Ansip, Commissioners Jourová and Gabriel ahead of Data Protection Day Since its entry into force on May 25, 2018, “citizens have become more […]
On December 19, 2018, Advocate General Bobek, published his opinion in case C-40/17, deeming that anyone who enters the Facebook “Like” button on his website can be considered a joint controller. In this case, a German fashion online retailer embedded a Facebook’s ‘Like’ button in its website. As a result, when users landed on the […]
On January 10, 2018, Advocate General Maciej Szpunar of the Court of Justice of the European Union (CJEU) issued his opinion in the case of Google v. CNIL (Case C-507/17). In the opinion, the Advocate General stresses that the right to be forgotten must be balanced against other fundamental rights, such as the legitimate public […]
On December 14, 2018, New York Attorney General Barbara D. Underwood announced settlements with Western Union Financial Services, Inc., Priceline.com, LLC, Equifax Consumer Services, LLC, Spark Networks, Inc., and Credit Sesame, Inc., “for having mobile apps that failed to keep sensitive user information secure when transmitted over the Internet.” No fraud had happened with those […]
On December 28, 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published several principles to help companies comply with the General Data Protection Regulation (GDPR) while transferring personal data to their commercial partners for electronic prospecting. Particularly, the CNIL highlights how: the data subject must give consent before […]
Author describes which are the most common cases implicating IoT devices and collected data, how to preserve those data, and how to collect and request them. Author suggests how to effectively extract relevant IoT “information in litigation while balancing the operational and privacy challenges that these new sources of digital evidence raise.” The full […]