In August, the FTC took action against false claims of participating to the EU-US Privacy Shield Framework. These are the first cases addressing the Privacy Shield Framework introduced on July 12, 2016. Allegedly, the companies under investigation started the application for the EU-U.S. Privacy Shield but never completed it; yet they falsely claimed to be […]
The EDPB adopted opinions on the draft lists that several supervisory authorities issued regarding he processing operations subject to the requirement of a data protection impact assessment (DPIAs, according to Article 35.4 GDPR). This power of EDPB is pursuant to Article 63, Article 64 (1a), (3) – (8) and Article 35 (1), (3), (4), (6) […]
After only three months from its approval the California Consumers Privacy Act (CCPA) was amended. On September 23, 2018 Senate Bill 1121 was signed into law. The legislation, which takes effect immediately, amends the CCPA, which was passed on June 2018. Among other things, the amendment: – clarifies the definition of “personal information”, explaining that it […]
Aon and DLA Piper released a “price of data security” report on where GDPR’s fines are generally insurable. According to the guide, only Finland and Norway allow insurance for this type of fines. In 20 out of 30 jurisdictions, GDPR fines do not seem insurable (like in UK, France, Italy and Spain), and in the […]
On September 20, 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it reached settlement with several medical centers after they allegedly compromised patients’ protected health information (PHI) by inviting film crews on premises to film an ABC’s television documentary series, without first obtaining authorization from patients. According to […]
On July 6, 2018, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served what looks like the first enforcement notice regarding the processing of UK individuals’ personal data by a nonresident organization. The notice was directed to Aggregate IQ (AIQ), a digital advertising, web and software development company based in Canada. […]
On September 19, 2018, Legislative Decree n. 101/2018 harmonizing the Italian privacy law with the General Data Protection Regulation (GDPR) entered into force. Legislative Decree was published on the Official Italian Gazette (Gazzetta ufficiale n. 205 04-09-2018) on September 4, 2018. More on the Legislative Decree and the Italian Privacy Code (Legislative Decree 196/2003) is available […]
On September 4, 2018, Legislative Decree n. 101/2018 harmonizing the national privacy law with the General Data Protection Regulation (GDPR) was published on the official Italian journal (Gazzetta ufficiale n. 205 04-09-2018). The Legislative Decree does not abrogate the Italian Privacy Code (Legislative Decree 196/2003), which therefore remains in force, but that Code is harmonized with […]
On July 12, 2018, the German federal court (Bundesgerichtshof, BGH) overturned the judgment of the Berlin’s highest state court (Kammergerichts), which had denied the parents’ access to their daughter’s Facebook account. The case involved a mother trying to access the deceased 15-year-old daughter’s Facebook account in order to understand the cause of death. With its […]
CJEU: in the references for preliminary rulings the national judge must anonymise the data On July 20, 2018, the Official Journal of the European Union (C 257/1) published a document in which the European Court of Justice (“ECJ”) clarifies to national courts and tribunals the essential characteristics of the preliminary ruling procedure and the […]