2016, Exercises and Personal data - Information Management Today

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. What infringements did the Garante identify? Retention period.

Personal data

Personal data GDPR e-Delivery Communications

CNIL Unveils 2017 Inspection Program and 2016 Annual Activity Report

Hunton Privacy

MARCH 29, 2017

On March 28, 2017, the French Data Protection Authority (“CNIL”) published its Annual Activity Report for 2016 (the “Report”) and released its annual inspection program for 2017. The CNIL estimates that the GDPR will lead to the appointment of a data protection officer in at least 80,000 to 100,000 organizations in France.

Personal data

Personal data Healthcare GDPR Insurance

CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach

Hunton Privacy

DECEMBER 27, 2018

On December 20, 2018, the French data protection authority (the “CNIL”) announced that it levied a €400,000 fine on Uber France SAS, the French establishment of Uber B.V. for failure to implement some basic security measures that made possible the 2016 Uber data breach. acted as a mere data processor of Uber B.V.

Data breaches

Data breaches Personal data Security Access

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

DLA Piper Privacy Matters

JANUARY 15, 2021

In late 2019, the Claimant issued proceedings and sought various relief, including in connection with an allegation that the Defendant had failed to provide data, contrary to the Data Protection Act 2018 ( “DPA 18” ) and the General Data Protection Regulation (EU) 2016/679 ( “GDPR” ).

Access

Access GDPR Personal data Retail

U.S. Government White Paper to Help Companies Address the EU’s National Security Concerns in Schrems II

Data Matters

SEPTEMBER 30, 2020

of personal data of EU residents, following the decision of the Court of Justice of the European Union (“CJEU,” or “ECJ”) in Schrems II – more formally known as Data Protection Commissioner v. Privacy Shield as a basis for transferring EU personal data to the United States because of the Court’s view that U.S.

Paper

Paper Government Security Privacy

Russia: Main Takeaways from Roskomnadzor’s Open Doors Day

HL Chronicle of Data Protection

FEBRUARY 28, 2018

Of the industries represented by the data operators, the majority of data subject complaints emanated from or related to consumers’ relationships with banks, housing services providers, and debt collection agencies. The Roskomnadzor also continued to review websites’ abilities to respect data subjects’ rights. Personal Data.

Personal data

Personal data Data Privacy Privacy Risk

UK ICO Fines Equifax for 2017 Breach

Hunton Privacy

SEPTEMBER 24, 2018

Recently, the UK Information Commissioner’s Office (“ICO”) fined credit rating agency Equifax £500,000 for failing to protect the personal data of up to 15 million UK individuals. The data was compromised during a cyber attack that occurred between May 13 and July 30, 2017, which affected 146 million customers globally.

Personal data

Personal data Passwords Compliance Risk

CNIL Publishes Internet Sweep Results on Connected Devices

Hunton Privacy

SEPTEMBER 27, 2016

On September 23, 2016, the French Data Protection Authority (“CNIL”) published the results of the Internet sweep on connected devices. As we previously reported , the sweep was coordinated by the Global Privacy Enforcement Network, a global network of approximately 50 data protection authorities (“DPAs”).

Personal data

Personal data Data collection Privacy Access

European Commission Presents EU-U.S. Privacy Shield

Hunton Privacy

FEBRUARY 29, 2016

On February 29, 2016, the European Commission issued the legal texts that will implement the EU-U.S. These texts include a draft adequacy decision from the European Commission, Frequently Asked Questions and a Communication summarizing the steps that have been taken in the last few years to restore trust in transatlantic data flows.

Privacy

Privacy Personal data Access Government

Entry into Force of the French Digital Republic Bill

Hunton Privacy

OCTOBER 31, 2016

On October 7, 2016, the French Digital Republic Bill (the “Bill”) was enacted after a final vote from the Senate. The Bill aligns the French legal data protection framework with the EU General Data Protection Regulation (“GDPR”) requirements before the GDPR becomes applicable in May 2018. Increased Fines.

GDPR

GDPR Personal data Communications Compliance

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

DLA Piper Privacy Matters

JANUARY 21, 2019

On 12 December 2018, the French Government issued an ordinance [1] finalizing, at the legislative level [2] , the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation [3] (“GDPR”) and the Directive 2016/680 [4].

GDPR

GDPR Personal data Communications Government

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

SEPTEMBER 14, 2018

101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. The provisions relating to specific processing of personal data (e.g. On 4 September, the Legislative Decree no.

GDPR

GDPR Personal data Privacy Communications

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

DLA Piper Privacy Matters

JULY 1, 2019

If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Privacy

Privacy Personal data GDPR Risk

In praise of. the Investigatory Powers Act 2016

Data Protector

AUGUST 17, 2020

To recap, in 2016 the IPA brought together all the existing covert and overt statutory powers that were then available to enable the UK’s intelligence agencies, police and other investigatory authorities obtain intelligence and communications data. Where opinion formers had concerns, these issues should be addressed.

Communications

Communications Government Personal data Compliance

Working Party Adopts Revised Guidelines on Data Portability, DPOs and Lead SA

Hunton Privacy

APRIL 12, 2017

On April 5, 2017, the Article 29 Working Party (“Working Party”) adopted the final versions of its guidelines (the “Guidelines”) on the right to data portability, Data Protection Officers (“DPOs”) and Lead Supervisory Authority (“SA”), which were first published for comment in December 2016.

Personal data

Personal data GDPR Metadata Compliance

Article 29 Working Party Issues Statement on Consequences of Safe Harbor Ruling

Hunton Privacy

OCTOBER 16, 2015

The Working Party confirmed that, during this period, businesses can still rely on these data transfer mechanisms to transfer personal data to the U.S. Safe Harbor to transfer personal data from the EU to the U.S. Furthermore, if no solution is found with the U.S. Furthermore, if no solution is found with the U.S.

Personal data

Personal data Risk IT

EDPB Adopts Guidelines on Data Processing Through Video Devices

Hunton Privacy

JULY 26, 2019

The European Data Protection Board (the “EDPB”) recently adopted its Guidelines 3/2019 on processing of personal data through video devices (the “Guidelines”). Although the Guidelines provide examples of data processing for video surveillance, these examples are not exhaustive.

GDPR

GDPR Personal data Privacy Compliance

Why law enforcement data processing is more complicated than you might think

IT Governance

MAY 30, 2019

The DPA 2018 includes a framework designed specifically for the processing of personal data for law enforcement purposes. Any other body that has statutory functions to exercise public authority or public powers for law enforcement purposes. A 12-step approach to law enforcement processing.

GDPR

GDPR Personal data Government Compliance

Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

Hunton Privacy

MAY 22, 2018

The Bill implements Ireland’s national legislation in areas where the EU General Data Protection Regulation (“GDPR”) provides a margin of maneuver to Member States, and specifies the investigative and enforcement powers of the Irish Data Protection Commission.

GDPR

GDPR Personal data Marketing Insurance

FRANCE: Draft Data Protection Law – One Step Closer to a Final Version

DLA Piper Privacy Matters

FEBRUARY 12, 2018

After two days of discussion and 180 amendments reviewed, the French National Assembly has adopted the draft law aimed at adapting the French data protection framework in anticipation of the entry into application of the GDPR on next May 25. Numerous amendments were rejected (e.g.,

GDPR

GDPR Personal data Compliance Access

Polish DPA issues the first fine for a violation of the GDPR – and it’s harsh

DLA Piper Privacy Matters

APRIL 2, 2019

It then uses the data it collected in order to prepare reports, summaries, etc., 1 – 2 of the GDPR, individually with respect to all natural persons whose data was the subject of the proceedings before the PUODO, using traditional mail, the cost of doing so would be almost PLN 34 million (approx. 1 and par. 2 of the GDPR.

GDPR

GDPR Personal data IT Paper

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

HL Chronicle of Data Protection

JUNE 17, 2019

On 6 June, 2019, the Privacy Commissioner for Personal Data (the “ PCPD “) issued an enforcement notice against Cathay Pacific Airways (and its affiliate Hong Kong Dragon Airlines) (together, “ Cathay Pacific “) in respect of a data breach concerning unauthorized access to the personal data of some 9.4

Personal data

Personal data Data breaches Security Compliance

GERMANY: Federal Court summary judgment: FCO achieves stage victory against Facebook

DLA Piper Privacy Matters

JUNE 25, 2020

The FCJ’s decision focuses on Facebook’s terms of use, which not only regulate the processing of personal data that users disclose on the platform itself. Moreover, it is not clear which data from which sources are used for which purposes. Accordingly, the court has not made any statement on this matter.

Marketing

Marketing Personal data GDPR Analytics

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

HL Chronicle of Data Protection

MAY 25, 2018

This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. The GDPR has an extended scope compared to the scope of the French Data Protection Act. The bill broadens the scope of the current Article 36 of the French Data Protection Act.

GDPR

GDPR Personal data Archiving Government

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

On October 28, 2017, the Turkish Data Protection Authority (the “ Authority ”) published an important regulation supplementing the Law on Protection of Personal Data (the “ Data Protection Law ”), namely the Regulation on the Deletion, Destruction and Anonymization of Personal Data (the “ Regulation ”).

Personal data

Personal data Paper Encryption Cloud

U.S. CLOUD Act and International Privacy

Data Protection Report

AUGUST 1, 2019

law and complying with the personal data protections required by the General Data Protection Regulation (GDPR) and other E.U. Because the CLOUD Act specifically contemplates court orders/warrants requiring the transfer of personal data without an MLAT, the European Regulators concluded: “service providers subject to E.U.

Cloud

Cloud Privacy e-Discovery Personal data

CIPL and Telefónica Call for Action on New Approaches to Data Transparency

Hunton Privacy

OCTOBER 18, 2016

and Telefónica, one of the largest telecommunications company in the world, issued a joint white paper on Reframing Data Transparency (the “white paper”). Recently, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP, a privacy and information policy think tank based in Brussels, London and Washington, D.C.,

Paper

Paper Education Privacy Personal data

BELGIUM: NEW DATA PROTECTION COMMISSIONER

DLA Piper Privacy Matters

MARCH 28, 2019

For this reason, it was decided that the members of the former Belgian Privacy Commission would perform the tasks and exercise the power of the BDPA on an interim basis during this transitional period. However, most candidates lacked sufficient knowledge of German, Belgium’s third national language (next to Dutch and French).

GDPR

GDPR Privacy Analytics Personal data

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

On 12 May 2022, the European Data Protection Board ( EDPB ) adopted the draft Guidelines on the calculation of administrative fines under the GDPR (“ the Guidelines ”). the duration of the infringement – a supervisory authority may generally attribute more weight to an infringement with longer duration.

GDPR

GDPR Personal data Risk IT

4 ways ISO 27001 can enhance your business

IT Governance

NOVEMBER 16, 2017

In the UK, the number of organisations certified to the Standard increased by 20% in 2016 , bringing the total to more than 33,000. The telecoms company was fined £400,000 after it lost 157,000 customers’ personal data, but this pales in comparison to the subsequent damage. So why are so many organisations adopting ISO 27001?

Information Security

Information Security Sales Personal data Risk

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Privacy and Cybersecurity Law

JUNE 23, 2021

Conversely, such notification does not absolve the operator from making a data breach notification to the competent data protection authority, pursuant to Article 33 of Regulation (EU) 2016/679 (GDPR), if the incident results in a personal data breach. Identification of security measures.

Cybersecurity

Cybersecurity Communications Data breaches Security

Article 29 Working Party Releases Opinion on EU-U.S. Privacy Shield

Hunton Privacy

APRIL 13, 2016

On April 13, 2016, the Article 29 Working Party (the “Working Party”) published its Opinion on the EU-U.S. On October 16, 2015, the Working Party announced it would assess the consequences of the Schrems judgment with respect to all mechanisms permitting data transfers to the U.S. Background. Purpose Limitation.

Privacy

Privacy Personal data Healthcare GDPR

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

Data Matters

NOVEMBER 12, 2019

Similar to what is already required with respect to data security incidents under federal financial and health privacy law, and more broadly under all 50 U.S. It can also eliminate the ability of data subject to exercise choices. Household information. This dedication to “proportionality” seems both important and correct.

Privacy

Privacy Data breaches Compliance Personal data

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

Also in January, the ICO (Information Commissioner’s Office) fined Carphone Warehouse £400,000 – one of the largest fines it issued under the DPA (Data Protection Act) 1998 – for multiple security inadequacies that led to a 2015 data breach in which three million customers’ personal data was compromised.

Data breaches

Data breaches Personal data Access GDPR

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

Unlike the EU General Data Protection Regulation 2016/679 (GDPR), the ePrivacy legal framework applies only to electronic communications data — which may include both personal and non-personal data and is in that respect broader in scope than the GDPR.

GDPR

GDPR Metadata Communications Privacy

Singapore proposes changes to cybersecurity and data protection regimes

Data Protection Report

SEPTEMBER 25, 2017

In a bid to keep pace with advancements in the technological landscape, the Singapore Government has in recent months embarked on public consultations on its draft Cybersecurity Bill (the Cyber Bill) and its proposed amendments to Singapore’s Personal Data Protection Act (PDPA) to update the country’s data protection regime.

Cybersecurity

Cybersecurity Data breaches Personal data Compliance

EUROPE: ECJ and responsibility for personal data processing on Facebook fan pages

DLA Piper Privacy Matters

JUNE 13, 2018

In June 2018 the European Court of Justice’s Grand Chamber decided [1] on a long awaited case [2] regarding the responsibility of the administrators of Facebook fan pages, relating to the personal data of visitors to fan pages. 5] [link]. [6] 6] See case C? 5] [link]. [6] 6] See case C? 5] [link]. [6] 6] See case C?131/12,

Personal data

Personal data GDPR Privacy Risk

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

Relatively recent advances in technology — smartphones and social media, in particular — have allowed businesses to collect, store, and find ways to monetize far more personal data than ever before. social security and credit card numbers, employee and patient health data, and customer financial records).”43

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

DECEMBER 6, 2023

As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. The guidance in ISO 29151, which specifies controls that help protect personal data. ‘GDPR’ has become a familiar term. But compliance requires clarity.

Data Privacy

Data Privacy Privacy GDPR IT

European Commission Publishes Draft UK Adequacy Decisions

Data Matters

FEBRUARY 19, 2021

The EU GDPR prohibits the transfer of personal data to a country outside the European Economic Area ( EEA ) (otherwise known as a third country ) that is not considered to provide an ‘adequate level’ of data protection by the EC unless ‘appropriate safeguards’ are implemented (e.g., consent of the data subject).

GDPR

GDPR Personal data Privacy Access

A Decade of Have I Been Pwned

Troy Hunt

DECEMBER 3, 2023

” Anyone can type in an email address into the site to check if their personal data has been compromised in a security breach. Press is great for raising awareness of the project, but it has also quite literally DDoS'd the service with the Martin Lewis Money Show in the UK knocking it offline in 2016.

Data breaches

Data breaches Passwords Sales IT

CNIL Issues Decision Regarding Data Processing for Litigation Purposes

Hunton Privacy

FEBRUARY 22, 2016

On February 19, 2016, the French Data Protection Authority (“CNIL”) made public its new Single Authorization Decision No. In doing so, companies process personal data that is likely to include data relating to criminal offenses and convictions or security measures. 46 (“Single Authorization AU-46”).

Personal data

Personal data Security IT Compliance

GDPR – The Work Ahead

HL Chronicle of Data Protection

MAY 9, 2019

A year has gone by since the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) became effective and the digital economy is still going and growing. The Internet has not stopped working. The multi-million euro fines have not happened (yet). It was always going to be this way.

GDPR

GDPR Compliance Privacy Personal data

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

CNIL Unveils 2017 Inspection Program and 2016 Annual Activity Report

Webinars

Trending Sources

CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach

Webinars

The Impact of Data Protection Laws on Your Records Retention Schedule

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

U.S. Government White Paper to Help Companies Address the EU’s National Security Concerns in Schrems II

Russia: Main Takeaways from Roskomnadzor’s Open Doors Day

UK ICO Fines Equifax for 2017 Breach

CNIL Publishes Internet Sweep Results on Connected Devices

European Commission Presents EU-U.S. Privacy Shield

Entry into Force of the French Digital Republic Bill

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

GDPR Italian Implementing Decree Has Been Published

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

In praise of. the Investigatory Powers Act 2016

Working Party Adopts Revised Guidelines on Data Portability, DPOs and Lead SA

Article 29 Working Party Issues Statement on Consequences of Safe Harbor Ruling

EDPB Adopts Guidelines on Data Processing Through Video Devices

Why law enforcement data processing is more complicated than you might think

Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

FRANCE: Draft Data Protection Law – One Step Closer to a Final Version

Polish DPA issues the first fine for a violation of the GDPR – and it’s harsh

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

GERMANY: Federal Court summary judgment: FCO achieves stage victory against Facebook

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

Data Protection Regime in Turkey Takes Shape

U.S. CLOUD Act and International Privacy

CIPL and Telefónica Call for Action on New Approaches to Data Transparency

BELGIUM: NEW DATA PROTECTION COMMISSIONER

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

4 ways ISO 27001 can enhance your business

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Article 29 Working Party Releases Opinion on EU-U.S. Privacy Shield

Comments Submitted on California Consumer Privacy Act of 2020—Initiative 19-0021

Weekly podcast: 2018 end-of-year roundup

EU Council Agrees on Proposed ePrivacy Regulation

Singapore proposes changes to cybersecurity and data protection regimes

EUROPE: ECJ and responsibility for personal data processing on Facebook fan pages

The Burden of Privacy In Discovery

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

European Commission Publishes Draft UK Adequacy Decisions

A Decade of Have I Been Pwned

CNIL Issues Decision Regarding Data Processing for Litigation Purposes

GDPR – The Work Ahead

Stay Connected