2021, Exercises and Personal data - Information Management Today

India Releases Revised Non-Personal Data Framework

Hunton Privacy

JANUARY 15, 2021

On December 16, 2020, the Committee of Experts within India’s Ministry of Electronics and Information Technology (MeitY) (the “Committee”) issued a revised report on the Non-Personal Data Governance Framework (the “NPDF”) for India (the “Revised Committee Report”).

Personal data

Personal data Government Privacy IT

Lessons on international transfers to the US to organisations caught by the GDPR

Data Protection Report

SEPTEMBER 11, 2024

The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. The fine relates to the transfer of drivers’ personal data to the US. The alleged breach related to a period between 6 August 2021 and 27 November 2023. UTI) and Uber B.V.,(UBV)

GDPR

GDPR Personal data Compliance Artificial Intelligence

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. What infringements did the Garante identify? Retention period.

Personal data

Personal data GDPR e-Delivery Communications

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

EDPB Releases Guidelines on Virtual Voice Assistants

Hunton Privacy

MARCH 13, 2021

On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands.

Personal data

Personal data Compliance GDPR Privacy

Dutch DPA Fines Company 525,000 EUR for Failure to Designate EU Representative

Hunton Privacy

MAY 19, 2021

On May 12, 2021, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , the “Dutch DPA”) imposed a €525,000 fine on Locatefamily.com for failure to comply with the obligation imposed under Article 27 of the EU General Data Protection Regulation (“GDPR”) to appoint a representative in the EU.

Personal data

Personal data GDPR Risk IT

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

Whilst a significant part of the MPN is focussed on TikTok’s non compliance with the rules around processing children’s personal data, the MPN also clarifies how the ICO interprets the requirements in Article 13 of the UK GDPR more generally. Where a generic email address (e.g.

Privacy

Privacy GDPR Personal data Compliance

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Hunton Privacy

APRIL 25, 2022

Data Protection Assessments (“DPA”) – The Department wants to clarify the form, content and circumstances of data protection assessments required by the CPA, and questions if it should follow any existing model, such as the EU General Data Protection Regulation, and acknowledge interoperability of DPAs conducted for another regime.

Privacy

Privacy Personal data Sales Compliance

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. What does the PDPL cover and who does it apply to? Definitions. Territoriality.

Personal data

Personal data Data breaches GDPR Compliance

China Issues Second Version of the Draft Personal Information Protection Law for Public Comments

Hunton Privacy

MAY 4, 2021

On April 29, 2021, China issued a second version of the draft Personal Information Protection Law (“Draft PIPL”). The Draft PIPL will be open for public comments until May 28, 2021. Decedent’s Personal Information. Specific Data Processor. Inversion of Burden of Proof.

Personal data

Personal data IT Information Security Privacy

CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology

Hunton Privacy

OCTOBER 24, 2022

In order to allow the search of a specific person, Clearview AI creates a biometric template which consists of a digital representation of a person’s physical characteristics. Under the EU General Data Protection (the “GDPR”), biometric data qualifies as sensitive personal data and the processing thereof requires additional protection.

Data collection

Data collection Personal data GDPR Marketing

European Data Protection Supervisor Issues Schrems II Guidelines

Data Matters

NOVEMBER 9, 2020

Both are key legal mechanisms used to enable transfers of personal data outside the EU. Below is a summary of the key takeaways of the EDPS Guidance: Focus on personal data transfers to the U.S.: The EDPS confirms that its priority focus will be on data transfers “towards the United States”. 12333 (the U.S.

Personal data

Personal data Compliance Privacy Communications

CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop

Hunton Privacy

JUNE 15, 2021

On June 15, 2021, the Court of Justice of the European Union (the “CJEU”) released its judgment in case C-645/19 of Facebook Ireland Limited, Facebook Inc., the Belgian Data Protection Authority (“Belgian DPA”). Facebook Belgium BVBA v. We previously reported on the background of the case and the Advocate General’s opinion.

GDPR

GDPR Personal data IT

UK Supreme Court Grants Google Permission to Appeal Class Action Claim in Lloyd vs Google LLC

Data Matters

JULY 16, 2020

relates to the alleged tracking of personal data by Google of 4.4 million iPhone users and subsequent selling of the users’ data to advertisers, without the users’ knowledge and consent. Whether the High Court judge was correct to exercise his discretion in ruling that the claim should not be permitted to proceed under CPR 19.6

Personal data

Personal data GDPR Privacy Data Privacy

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

DLA Piper Privacy Matters

SEPTEMBER 6, 2021

On 2 September 2021, the Data Protection Commission (DPC) announced it has imposed a €225 million administrative fine against WhatsApp Ireland Limited , as well as a reprimand and an order to bring its processing into compliance. Non-User Data.

GDPR

GDPR Personal data Communications e-Delivery

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Companies now have 18 months to update their supplier contracts and other data export arrangements. Article 4 of Implementing Decision ).

Personal data

Personal data GDPR Data breaches Access

CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants

Hunton Privacy

APRIL 27, 2021

On April 23, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft guidelines on virtual voice assistants (the “Guidelines”). The Guidelines were adopted on March 12, 2021 for public consultation.

GDPR

GDPR Artificial Intelligence Privacy Personal data

Considerations on embedding the new standard contractual clauses in IT contracts

DLA Piper Privacy Matters

AUGUST 3, 2021

On 4 June 2021, the European Commission released the final version of the new Standard Contractual Clauses (new SCCs) (see our blogpost here ). This will require both data exporters and data importers to put in place a methodological process to perform such assessments, to support each other and exchange relevant information.

IT

IT Personal data Compliance Risk

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

DLA Piper Privacy Matters

MAY 23, 2023

For Meta, the decision has resulted in a record administrative fine of €1.2bn, an order to suspend further transfers of EEA personal data to the US within five months, and an order to cease all unlawful processing of EEA personal data transferred to the US in violation of GDPR, within six months.

Personal data

Personal data GDPR Risk Privacy

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

Virginia’s Governor signed the Virginia Consumer Data Protection Act (“VCDPA”) into law on March 2, 2021. during a calendar year, control or process personal data of at least 100,000 consumers, or. Author: Jim Halpert. Key provisions. business-to-business) or employment context.

Personal data

Personal data Sales GDPR Privacy

China’s evolving data laws: PIPL likely to be passed soon

Data Protection Report

AUGUST 5, 2021

China’s much anticipated Personal Information Protection Law ( PIPL ) is very likely to pass this month after the conclusion of the 30th meeting of the Standing Committee of the National People’s Congress, which is to be held in Beijing on 17-20 August. Key things to note about the PIPL.

Privacy

Privacy Compliance GDPR Personal data

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s ( KSA ) newly published Personal Data Protection Law ( PDPL ). While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR. Direct marketing.

Personal data

Personal data Compliance Computer and Electronics IoT

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The Belgian DPA rejected this argument and found that IAB Europe acts as a data controller with respect to the TCF and therefore can be held responsible for violations of the GDPR. The Belgian DPA found that IAB Europe does not have a legal basis for the processing of personal data through the TCF. One Stop Shop.

GDPR

GDPR Personal data Marketing IT

How FIDO 2 authentication can help achieve regulatory compliance

Thales Cloud Protection & Licensing

JUNE 24, 2021

Thu, 06/24/2021 - 07:22. According to both regulations, data subjects, citizens of the EU and the State of California have the rights of access, rectification, erasure, and portability on their personal data. How FIDO 2 authentication can help achieve regulatory compliance.

Authentication

Authentication Compliance Personal data GDPR

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

On 16 November 2021, the French data protection supervisory authority (the “CNIL”) published a practical guide (“Guide”) on Data Protection Officers (“DPOs”). The DPO is the key contact for the CNIL and data subjects. The Guide starts with a section on the role of the DPO : . Provide information and advice.

GDPR

GDPR Compliance Personal data Communications

New York City Council Passes Tenant Data Privacy Act

Hunton Privacy

MAY 13, 2021

On April 29, 2021, the New York City Council passed the Tenant Data Privacy Act (“TDPA”), which would regulate the collection, use, safeguarding and retention of tenant data by owners of “smart access” buildings. The TDPA also would create a private right of action for tenants whose data is unlawfully sold.

Data Privacy

Data Privacy Privacy Passwords Authentication

Essential guidance for employers implementing COVID-19 measures at the workplace

Data Protection Report

SEPTEMBER 16, 2021

We will discuss the guidance issued by (i) the Ministry of Manpower (“ MOM ”) on the updated safe management measures at the workplace; (ii) the MOM on COVID-19 vaccination in relation to the workplace; and (iii) the Personal Data Protection Commission (“ PDPC ”) on the collection of personal data at the workplace for COVID-19 contact tracing.

Personal data

Personal data Data collection Risk Access

Europe: Advocate General delivers Opinion on the right of access for purposes unrelated to data protection

DLA Piper Privacy Matters

APRIL 25, 2023

15(3) GDPR must be interpreted as requiring a data controller to provide the data subject with a copy of his or her personal data, even where the data subject requests the copy for purposes unrelated to data protection. In particular, the AG took the view that Art. 12(5) and Art. 12(5) and Art. 24 et seq.).

Access

Access GDPR Personal data IT

European Data Protection Board Issues Final Schrems II Recommendations

Data Matters

JUNE 25, 2021

The European Data Protection Board (“ EDPB ”), adopted on 18 June 2021 its final recommendations describing how controllers and processors transferring personal data outside the European Economic Area (“ EEA ”) may comply with the Schrems II ruling (“ Final Schrems II Recommendations ”). STEP 1 – Mapping Exercise.

Personal data

Personal data Access Communications Cloud

China: Navigating China episode 17: China’s Draft Privacy and Security Laws – second drafts clarify compliance steps for businesses

DLA Piper Privacy Matters

MAY 4, 2021

Second drafts of the new overarching national personal data protection and data security laws have just been published, and give a clearer picture of the impending new national frameworks in China. Draft Personal Information Protection Law. Draft Data Security Law.

Compliance

Compliance Security Personal data Privacy

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

DLA Piper Privacy Matters

OCTOBER 17, 2022

A recent decision by the Irish Data Protection Commission (“ DPC “) imposing a record €405 million fine provides clarification on the lawfulness of processing children’s personal data in accordance with the legal bases of ‘performance of contract’ and ‘legitimate interest’. Background. The Decision.

GDPR

GDPR Personal data Risk Compliance

Essential guidance for employers on COVID-19 measures at the workplace from 26 April 2022

Data Protection Report

MAY 17, 2022

This post considers the MOM Guidance and other related guidance issued by the Ministry of Health (“ MOH ”) [2] and associated data privacy considerations under the Personal Data Protection Act 2012 (“ PDPA ”). 3] See Updated advisory on COVID-19 vaccination at the workplace issued on 23 October 2021. [4]

Personal data

Personal data Risk Data Privacy Privacy

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

DLA Piper Privacy Matters

FEBRUARY 23, 2022

The European Commission today presented its second instrument in the European Data Strategy; a “Regulation on harmonised rules on fair access to and use of data”, better known as the Data Act. In the proposal, “data” is broadly defined and contains both personal and non-personal data.

GDPR

GDPR Personal data IoT Access

Advocate General Issues Opinion on GDPR’s One-Stop-Shop

Hunton Privacy

JANUARY 14, 2021

On January 13, 2021, Advocate General (“AG”) Michal Bobek of the Court of Justice of the European Union (“CJEU”) issued his Opinion in the Case C-645/19 of Facebook Ireland Limited, Facebook Inc., the Belgian Data Protection Authority (“Belgian DPA”). Facebook Belgium BVBA v. Background.

GDPR

GDPR Personal data Risk IT

ICO Guidance on Artificial Intelligence

Privacy and Cybersecurity Law

AUGUST 5, 2020

A DPIA must be meaningful and not a box-ticking exercise. Instead, the ICO will consult on this with stakeholders, with a view to publishing more details in updated Cloud Computing Guidance in 2021. Statistical accuracy needs to be balanced with the principle of data minimisation. The ICO recommends a DPIA is carried out.

Artificial Intelligence

Artificial Intelligence GDPR Personal data Compliance

PIPL: A Game Changer for Companies in China

Data Protection Report

AUGUST 24, 2021

China passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China.

GDPR

GDPR Compliance Analytics Security

Transfer data outside of China: New security review regulation companies should know

Data Protection Report

NOVEMBER 11, 2021

The Cyberspace Administration of China ( CAC ) released the draft Security Review Measures for Cross-Border Data Transfer (the Draft Security Review Measures ) for public comments on 29 October 2021 – shortly before the effective date of the Personal Information Protection Law ( PIPL ), 1 November 2021.

Security

Security Risk Personal data IT

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The deadline for responding to the consultation is 19 November 2021. On legitimate interests, the Government proposes disapplying the legitimate interest balancing test for certain activities.

Government

Government FOIA GDPR Compliance

ICO Publishes Age Appropriate Design Code of Practice for Online Products and Services accessed by Children

Privacy and Cybersecurity Law

FEBRUARY 14, 2020

Detrimental Use of Data: You should not use children’s personal data in ways that have been shown to be detrimental to their wellbeing , or that go against industry codes of practice, other regulatory provisions, or Government advice. Give children separate choices over which elements they wish to activate. …

Access

Access Personal data IoT Privacy

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Privacy and Cybersecurity Law

JUNE 23, 2021

On June 11, 2021, the Regulation on notifications of incidents affecting networks, information systems and IT services (“ Regulation ”) – adopted by means of the Decree of the President of the Council of Ministers (DPCM) of 14 April 2021, no. 2] Until December 31, 2021, notifications may be performed on an experimental basis. [3]

Cybersecurity

Cybersecurity Communications Data breaches Security

Will reforms take the DP out of GDPR?

CILIP

NOVEMBER 16, 2021

exercise to a risk-management one, and aims to do so without threatening the data security of individuals. s personal data must be at the heart of our new regime. in the DCMS ICO consultation are in fact currently necessary protections against the potential abuse of personal data and infringement of personal privacy.

GDPR

GDPR Personal data Government Risk

ICO Publishes Age Appropriate Design Code of Practice for Online Products and Services accessed by Children

Privacy and Cybersecurity Law

FEBRUARY 14, 2020

Detrimental Use of Data: You should not use children’s personal data in ways that have been shown to be detrimental to their wellbeing , or that go against industry codes of practice, other regulatory provisions, or Government advice. Give children separate choices over which elements they wish to activate.

Access

Access Personal data IoT Privacy

CHINA: (More) Important Developments in China’s Privacy and Cyber Laws

DLA Piper Privacy Matters

JUNE 4, 2020

New national level laws: an enhanced right of the individual to personal data protection, including the right to bring personal civil claims for breach of data privacy, has been included in the new PRC Civil Code, and will take effect on 1 January 2021. banking) authorities.

Privacy

Privacy Data Privacy Compliance Personal data

Algorithmic Decision-making and the UK ICO’s Guidance on AI

Data Protection Report

SEPTEMBER 8, 2020

Transparency is one of the trickiest considerations when it comes to processing personal data in an AI system. Where an AI system makes decisions about individuals, SARs (subject access requests, or requests to exercise rights under the GDPR) are going to be part and parcel. Explainability” – the new “transparency”.

Personal data

Personal data Risk GDPR Artificial Intelligence

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

On February 10, 2021, the Council of the European Union (which includes representatives of the European Union (EU) member states, hereinafter Council) reached an agreement on the ePrivacy Regulation proposal that governs the protection of privacy and confidentiality of electronic communications services (ePrivacy Regulation).

GDPR

GDPR Metadata Communications Privacy

India Releases Revised Non-Personal Data Framework

Lessons on international transfers to the US to organisations caught by the GDPR

Webinars

Trending Sources

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Webinars

EDPB Releases Guidelines on Virtual Voice Assistants

Dutch DPA Fines Company 525,000 EUR for Failure to Designate EU Representative

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

UAE: Federal level data protection law enacted

China Issues Second Version of the Draft Personal Information Protection Law for Public Comments

CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology

European Data Protection Supervisor Issues Schrems II Guidelines

CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop

UK Supreme Court Grants Google Permission to Appeal Class Action Claim in Lloyd vs Google LLC

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

A deeper dive into the new Standard Contractual Clauses

CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants

Considerations on embedding the new standard contractual clauses in IT contracts

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

US: Virginia passes comprehensive consumer data protection law

China’s evolving data laws: PIPL likely to be passed soon

Saudi Arabia’s New Data Protection Law – What you need to know

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

How FIDO 2 authentication can help achieve regulatory compliance

France: The CNIL publishes a practical guide on Data Protection Officers

New York City Council Passes Tenant Data Privacy Act

Essential guidance for employers implementing COVID-19 measures at the workplace

Europe: Advocate General delivers Opinion on the right of access for purposes unrelated to data protection

European Data Protection Board Issues Final Schrems II Recommendations

China: Navigating China episode 17: China’s Draft Privacy and Security Laws – second drafts clarify compliance steps for businesses

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

Essential guidance for employers on COVID-19 measures at the workplace from 26 April 2022

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

Advocate General Issues Opinion on GDPR’s One-Stop-Shop

ICO Guidance on Artificial Intelligence

PIPL: A Game Changer for Companies in China

Transfer data outside of China: New security review regulation companies should know

UK Government sets out proposals to shake up UK data protection laws

ICO Publishes Age Appropriate Design Code of Practice for Online Products and Services accessed by Children

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Will reforms take the DP out of GDPR?

ICO Publishes Age Appropriate Design Code of Practice for Online Products and Services accessed by Children

CHINA: (More) Important Developments in China’s Privacy and Cyber Laws

Algorithmic Decision-making and the UK ICO’s Guidance on AI

EU Council Agrees on Proposed ePrivacy Regulation

Stay Connected