On February 7, 2019, the Bundeskartellamt, the German antitrust authority, prohibited Facebook from combining data concerning German Facebook users gathered also from third party websites when the user didn’t give voluntary consent to this practice. The decision concerns all private users of Facebook based in Germany. According to the Bundeskartellamt’s decision, until now, individuals […]
On February 28, 2019, Thailand’s National Legislative Assembly passed the Personal Data Protection Act (PDPA). According to this source, the PDPA will be signed and endorsed by the monarch, and will then be published in the Government Gazette before to enter into force later this year. This article explains that the legislative text includes […]
Below a list of the harmonization laws enacted by each EU member state. Austria: the Datenschutz-Anpassungsgesetz 2018, the “Datenschutzgesetz“. Belgium: Framework Act (Dutch) Framework Act (French), DPA Act (Dutch), DPA Act (French) Croatia: Zakona O Provedbi Opće Uredbe O Zaštiti Podataka, the Act on Implementation of the General Data Protection Regulation (Official Gazette no. 42/2018) Cyprus: Law n 125(I)/2018 Czech […]
In February 2019 there have been reports of violations of health data affecting thousands of patients in US medical centers. One of the major breaches affected 974,000 patients at the University of Washington clinic (see here), while the other involved 326,000 users of UConn Health, a large medical center academic (see here). In both […]
On February 12, 2019 the European Data Protection Board (EDPB) warned that in the absence of an agreement between the EEA and the UK (no-deal Brexit), the UK will become a third country from 00.00 am CET on 30 March 2019. The EDPB provides 5 steps organizations that transfer data to the UK should take […]
On December 19, 2018, Advocate General Bobek, published his opinion in case C-40/17, deeming that anyone who enters the Facebook “Like” button on his website can be considered a joint controller. In this case, a German fashion online retailer embedded a Facebook’s ‘Like’ button in its website. As a result, when users landed on the […]
On January 10, 2018, Advocate General Maciej Szpunar of the Court of Justice of the European Union (CJEU) issued his opinion in the case of Google v. CNIL (Case C-507/17). In the opinion, the Advocate General stresses that the right to be forgotten must be balanced against other fundamental rights, such as the legitimate public […]
On December 28, 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published several principles to help companies comply with the General Data Protection Regulation (GDPR) while transferring personal data to their commercial partners for electronic prospecting. Particularly, the CNIL highlights how: the data subject must give consent before […]
Author describes which are the most common cases implicating IoT devices and collected data, how to preserve those data, and how to collect and request them. Author suggests how to effectively extract relevant IoT “information in litigation while balancing the operational and privacy challenges that these new sources of digital evidence raise.” The full […]
In November 2018, a German local court, the Amtsgericht Diez, decided on a claim for immaterial damages under Art. 82.1, GDPR. According to this source, on May 25, 2018, Plaintiff received an e-mail in which Plaintiff’s consent to receive a newsletter was requested. An email of this sort is considered spam under German law and […]