On March 14, 2017, the European Data Protection Supervisor (EDPS) released Opinion 4/2017 on the 2015 Proposal for a Directive (1) on certain aspects concerning contracts for the supply of digital content (1) on certain aspects concerning contracts for the supply of digital content and (2) on certain aspects concerning contracts for the online and […]
On April 4, 2017, the Working Party 29 (WP29) released Opinion 1/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC) – wp247 (ePrivacy Regulation Proposal). The WP29 welcomes the Proposal for the Regulation. However, it expressed several points of concern and suggested amendments. The European Commission, along with the European Parliament and the European […]
What data controllers should do before receiving a possible subject access request As a data controller, you obviously know it: one day you may receive an access request from a data subject. Being available to promptly comply with the request when you receive it is far from being enough. Indeed, there is much more that […]
On January 30, 2017, the Federal Court of Canada found Globe24h.com, a Romanian based website and its sole owner and operator, in violation of the Personal Information Protection and Electronic Documents Act (PIPEDA). By way of background, the Romanian based website indexed and reposted Canadian court and tribunal decisions that were also available on Canadian legal […]
On October 19, 2016, the European Court of Justice (“ECJ”) presented its conclusions in Patrick Breyer v. Bundesrepublik Deutschland (case C‑582/14). According to the ECJ The dynamic internet protocol address of a visitor constitutes personal data, with respect to the operator of the website, if that operator has the legal means allowing it to identify […]
In February 2017, the Italian Data Protection Authority (Garante per la protezione dei Dati Personali) fined five companies over 11 million euros for the unlawful processing of personal data. The companies, which operate in the money transfer field, unlawfully processed the personal data of over 2 millions people. To avoid money laundering legislation, the companies would use […]
When a US organization decides to self-certify under the EU-U.S. Privacy Shield, compliance with Privacy Shield principles becomes compulsory. This may be a problem for many US organizations because certain processing activities that they perform – which are perfectly lawful under American law — are unlawful under a Privacy Shield’s perspective. Why? And what to do? Let’s step […]
Nel giugno del 2016, l’Autorità per la protezione dei dati personali (di seguito anche DPA) di Amburgo, in accordo con le altre presenti in Germania, si è occupata della compatibilità di Google Analytics con la normativa nazionale sulla protezione dei dati. Le indicazioni che sono emerse dal provvedimento dell’Autorità di Amburgo appaiono a un primo […]
According to the Irish Data Protection Authority (DPA) the hearing before the Irish High Court brought by the DPA against Facebook Ireland Ltd and Mr Schrems over EU-US data transfers will possibly take another additional week (or two addition weeks) to conclude. More information on the case is available here. According to the available sources (see […]
According to this source, in February 2017, an Italian judge for the preliminary investigations (usually referred as “GIP”, from Giudice per le Indagini Preliminari) ordered to obscure a website hosted in the US allegedly violating the privacy of an Italian citizen. The latter had found that his personal data had been published on the website […]