Users’ guidance on DPIA under the GDPR published by EU Data Protection Authorities

EU Data Protection Authorities released useful Data Protection Impact Assessment tools (DPIAS) Belgium: the Commission for the Protection of Privacy, Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL) issued a Recommandation d’initiative concernant l’analyse d’impact relative à la protection des données (n° 01/2018)   Cyprus: the Office of the Commissioner for Personal Data Protection, Γραφείου Επιτρόπου Προστασίας Δεδομένων […]

ICO’s data portability page

The Information Commissioner’s Office ICO published a resourceful page concerning the right to data portability. The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Among the answers to several data portability related questions, the page contains a checklists for preparing for and complying with requests […]

DPAs’ guidance on exercising data subjects’ rights under GDPR vis-a-vis social media

Several DPAs have issued guidance on how individuals can exercise their rights as data subjects vis-a-vis social media platforms. See for example: – ICO – United Kingdom: https://ico.org.uk… – Data Protection Commissioner – Ireland: https://dataprotection.ie… – Croatian Data Protection Agency: request for the protection of rights request for removing personal data from social networks reporting […]

Italian DPA fines political party for privacy policy violation

In March 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority, issued a fine of Euros 32,000 against the Rousseau association, controller of the processing of data of the website users of the Italian political party “5-Star” (Cinque Stelle). Federprivacy reports. After a data breach, the Italian DPA started investigating whether […]

Cybersecurity Tech Accord signed by 34 global technology and security companies

On April 17, 2018, 34 global technology and security companies signed a Cybersecurity Tech Accord, agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle, and Trend Micro, and together represent tech companies that power the world’s internet […]

The Ninth Circuit changes standard on standing in data breach class actions: sufficient the “increased risk of future identity theft”

On March 8, 2018, the U.S. Court of Appeals for the Ninth Circuit found that an alleged “increased risk of future identity theft” suffices Article III standing requirement in a data breach putative class action. On June 1, 2015, the District Court of Nevada had dismissed for lack of standing the data breach putative class […]

The CLOUD Act: significant changes to cross-border access to data held by communication-service providers

On March 23, 2018, the omnibus spending bill was signed into law; a portion contains the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The CLOUD Act’s main goal is to grant governments timely access to electronic data stored by communication-service providers (such as email service providers, certain cloud service providers and social media providers). The […]