On June 15, 2017, the Italian Data Protection Authority, Garante per la protezione dei dati personali, highlighted how time is not the only factor to consider when asking to be forgotten. There are additional circumstances that have to be considered, like for example, the public right to information. In this case, a senior public official […]
On October 3, 2017, the Irish High Court deemed that the Irish DPA has “well founded concerns” over US privacy surveillance of Facebook and is worried that there may not be an effective remedy in US law compatible with the fundamental EU data protection right to file a petition before an independent tribunal when EU […]
On September 29, 2017 the French Data Protection Authority (CNIL) published a guide for data processors, Guide du sous-traitant, in French, to aid data processor implementing the obligations set forth by the new EU General Data Protection Regulation (“GDPR”). More on the CNIL’s guide is available (in French) at https://www.cnil.fr… For more information on EU data protection’s state of […]
In an early effort to adapt Italian privacy law to the GDP, in November 2017, a new Article 110bis was approved for introduction in the Italian Privacy Code, redrafting the discipline concerning the re-use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that […]
On February 9, 2018, Working Party 29 (WP29) published the Working document on Adequacy Referential (wp254). The paper provides guidance to the European Commission and the WP29 for the assessment of the level of data protection in third countries and international organizations by “establishing the core data protection principles that have to be present in […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Personal data breach notification under Regulation 2016/679, wp250rev.01 Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR) introduces the requirement for a personal data breach to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01). Advances in the capabilities of big data analytics, as well as the widespread availability of personal data on the internet and from Internet of Things (IoT) devices can allow aspects of […]
On January 24, 2018 the EU Commission published a guidance to foster uniform application of the GDPR across the EU. The Commission also made available an online tool for SMEs (the tool was not working on January 25, 2018 but we are confident the error in the page will be solved soon: http://europa.eu/rapid/europa.eu/dataprotecti on) Here the EU Commission’s press release. […]
On January 8, 2018, the FTC announced that VTech Electronics Limited and its US subsidiary (VTech) agreed to settle with the Federal Trade Commission (FTC) a claim that the companies violated children’s privacy through the commercialization of some connected toys. Allegedly VTech violated COPPA (Children’s Online Privacy Protection Act of 1998) by collecting personal information from children […]
On October 24, 2017, Advocate General Bot issued his preliminary opinion in case C‑210/16, opining on the definition of a data controller, applicable national law, and jurisdiction under EU data protection law under Directive 95/46/EC. The opinion is not binding but if followed by the European Court of Justice (CJEU), EU companies that have been […]