2021, GDPR and Marketing - Information Management Today

Lessons on international transfers to the US to organisations caught by the GDPR

Data Protection Report

SEPTEMBER 11, 2024

It also highlights the compliance gap around transfers to recipients in third countries caught by Article 3(2) General Data Protection Regulation (GDPR). The CNIL forwarded the complaint to the AP, as Uber’s lead supervisory authority under the GDPR’s one-stop-shop mechanism, in January 2021. signed up to the DPF.

GDPR

GDPR Personal data Compliance Artificial Intelligence

CIPL Publishes White Paper on the Interplay Between the Draft EU Digital Markets Act and the GDPR

Hunton Privacy

DECEMBER 16, 2021

On December 6, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published a white paper on “ Bridging the DMA and the GDPR – Comments by the Centre for Information Policy Leadership on the Data Protection Implications of the Draft Digital Markets Act ” (the “White Paper”).

Paper

Paper GDPR Marketing Compliance

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

Hunton Privacy

NOVEMBER 23, 2021

On November 19, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 05/2021 (the “Guidelines”) on the interplay between the application of Article 3 of the EU General Data Protection Regulation (“GDPR”), which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.

GDPR

GDPR Personal data Marketing Government

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Experian’s data processing practices violate the GDPR

IT Governance

OCTOBER 28, 2020

It has given the organisation nine months to make appropriate changes, with the threat of a GDPR (General Data Protection Regulation) penalty looming. Under the GDPR, organisations must explain to individuals why their personal data is being collected and limit the use of the data to that purpose.

GDPR

GDPR Personal data Marketing Privacy

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. Audit participating organizations to ensure they comply with the GDPR. Background. Key points from the Belgian DPA’s decisions are summarized below: Lawfulness.

GDPR

GDPR Personal data Marketing IT

5 key privacy trends for 2021

IT Governance

JANUARY 27, 2021

We saw last year a record number of data breaches and a surge in penalties for regulatory violations , but 2021 is set to be even more perilous as the public demand for data privacy grows, COVID-19 scams continue and data protection laws get more complex following Brexit. GDPR enforcement will be more consistent.

Privacy

Privacy GDPR Data Privacy Personal data

erwin’s Predictions for 2021: Data Relevance Shines at the End of the Tunnel

erwin

JANUARY 7, 2021

Our predictions for 2021 are rooted in what we’ve learned from the past year and the relevance of data in getting us to where we are and where we need to go. As a result, look for more automated compliance solutions to hit the market. My hope is that this trend of being human in the workplace extends beyond 2021.

Metadata

Metadata Government Compliance Artificial Intelligence

Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers

Hunton Privacy

MAY 24, 2021

On May 20, 2021, the Belgian Data Protection Authority (“Belgian DPA”), as the lead authority (in collaboration with two co-reviewing authorities), announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers (the “EU Cloud CoC”). e) of the GDPR.

Cloud

Cloud GDPR Compliance Personal data

Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements

Hunton Privacy

JANUARY 24, 2022

The Austrian DPA ruled that the use of Google Analytics cookies by the website operator violates both Chapter V of the EU General Data Protection Regulation (“GDPR”), which establishes rules on international data transfers, and the Schrems II judgment of the Court of Justice of the European Union. intelligence agencies under U.S.

Analytics

Analytics GDPR Personal data Data collection

Brazilian Data Protection Law Update – Delayed Enforcement, Lack of Administrative Structure, and Market Unreadiness

Data Matters

JULY 22, 2020

Considering these new circumstances, the imposition of new costs in connection to the LGPD may not be welcomed by market actors, even if those costs were foreseeable when the law was initially published. 959/2020 (“MP 959”), postponing the enforcement of the LGPD’s general provisions, previously scheduled for August 15, 2020, to May 3, 2021.

Marketing

Marketing Compliance Personal data GDPR

The bright side of data privacy compliance: 5 value-driven opportunities for retailers

Thales Cloud Protection & Licensing

AUGUST 30, 2023

The bright side of data privacy compliance: 5 value-driven opportunities for retailers madhav Thu, 08/31/2023 - 05:20 Failing to keep up with data privacy legislations, such as General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) can harm a brand’s bottom-line and public reputation.

Retail

Retail Data Privacy Compliance Privacy

CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants

Hunton Privacy

APRIL 27, 2021

On April 23, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft guidelines on virtual voice assistants (the “Guidelines”). The Guidelines were adopted on March 12, 2021 for public consultation.

GDPR

GDPR Artificial Intelligence Privacy Personal data

DCMS Cyber Security Breaches Survey 2021 highlights more still to be done by the majority of businesses

DLA Piper Privacy Matters

MAY 5, 2021

The GDPR has clearly driven public awareness of data protection and privacy and expectations have increased accordingly. Shareholders and stock markets react when incidents happen. Regulatory expectation. The public expect their personal data and privacy to be protected.

Security

Security Personal data GDPR Privacy

Rejecting cookies should be as easy as accepting cookies: new sanctions by the French authority (CNIL)

Data Protection Report

FEBRUARY 14, 2022

The French Data Protection Authority (the “ CNIL ”) continues its campaign against companies that do not respect the rules relating to cookies and other trackers, which the CNIL has previously reminded the market about in multiple communications and decisions. CNIL’s role to issue practical illustrations under GDPR. High sanctions.

GDPR

GDPR Compliance Communications Personal data

Show-me: Spanish Data Protection laws shaken by the Supreme Court

DLA Piper Privacy Matters

SEPTEMBER 15, 2021

By the end of the 2018, the Spanish Parliament belatedly completed the framework provided by EU’s GDPR approving a new Data Protection Act. All this local gold-plating may have now been blown-out by a decision of the Spanish Supreme Court dated 14 September 2021. This implies an earthquake in the Spanish privacy market.

GDPR

GDPR Privacy Government Personal data

DCMS Consults on National Data Strategy

Hunton Privacy

SEPTEMBER 15, 2021

On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport (“DCMS”) launched a consultation on its proposed reforms to the UK data protection regime. Organizations are encouraged to provide input on a range of data protection proposals, some of which are outlined below.

GDPR

GDPR Personal data Risk Communications

EDPB Opinion on UK Adequacy: Strong Alignment but Challenges Remain

DLA Piper Privacy Matters

APRIL 19, 2021

The GDPR imposes restrictions on the transfer of personal data to a ‘third country’ unless that country benefits from (i) an adequacy decision; (ii) appropriate safeguards (e.g. standard contractual clauses ( SCCs )); or (iii) one of the limited exceptions under Article 49 GDPR. adequacy decision. Background. EDPB Opinions.

Personal data

Personal data GDPR Access Marketing

ICO Issues Enforcement Notice Against Experian

Hunton Privacy

OCTOBER 29, 2020

The notice requires Experian to make fundamental changes to its offline direct marketing practices, and was issued after the ICO undertook a two-year investigation into the use of personal data by data broking businesses Experian, Equifax and TransUnion.

Personal data

Personal data Marketing GDPR Compliance

International Data Protection Day 2022

DLA Piper Privacy Matters

JANUARY 28, 2022

Fully refreshed and updated for 2022 we have new jurisdictional entries that now includes Sri Lanka and the Abu Dhabi Global Market Free Zone who launched their new data protection regime last year. Looking back on 2021, the privacy and data protection landscape continues to evolve at pace. billion) in fines since 28 January 2021.

GDPR

GDPR Privacy Data breaches Personal data

ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers

Hunton Privacy

JANUARY 29, 2021

On January 19, 2021, the UK Information Commissioner’s Office (“ICO”) published its analysis of the application of the UK General Data Protection Regulation (the “UK GDPR”) to transfers from UK-based firms or branches that are registered, required to be registered or otherwise regulated by the U.S. exchange or market.

GDPR

GDPR Compliance Marketing Security

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. Audit management. Compliance management. Risk scoring. End user experience.

Compliance

Compliance Risk Government Retail

China Passes Personal Information Protection Law

Hunton Privacy

AUGUST 20, 2021

On August 20, 2021, China’s 13 th Standing Committee of the National People’s Congress passed the Personal Information Protection Law (the “PIPL”). It is modeled, in part, on other jurisdictions’ omnibus data protection regimes, including the EU General Data Protection Regulation (“GDPR”). Application of the PIPL.

GDPR

GDPR Government Access Security

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

DLA Piper Privacy Matters

FEBRUARY 28, 2022

The Data Protection Commission (DPC) has published its 2021 Annual Report , highlighting key observations, emerging guidance, and large-scale inquiries and decisions of 2021. The DPC received a total of 6,549 valid notifications of personal data breaches in 2021. ePrivacy Enforcement – Website Cookies & Marketing.

Financial Services

Financial Services Data breaches Personal data Compliance

How encryption can help address Cloud misconfiguration

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

Tue, 11/16/2021 - 06:15. On August 26, 2021, Wiz announced it had gained "complete unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies" via a loophole created by "a series of flaws in a Cosmos DB feature." Krishna Ksheerabdhi | VP, Product Marketing.

Encryption

Encryption Cloud Access Privacy

Digital Health in the UK: MHRA Bold New (Regulatory) World?

Data Matters

SEPTEMBER 22, 2021

Accordingly, the MHRA has opened its anticipated Consultation on the future regulation of medical and in vitro diagnostic (IVD) devices in the United Kingdom, setting out the upcoming legislative changes, which runs until November 25, 2021. A summary table of the work packages is below/ at the end of the article.].

Marketing

Marketing Artificial Intelligence Risk Access

Data Beyond Borders: The Schrems II Aftermath

Thales Cloud Protection & Licensing

MARCH 1, 2021

Tue, 03/02/2021 - 07:06. However, the level of the impact depends on the geography and the vertical of each organization and the strategic privacy planning they have done for sustaining compliance with GDPR. Data protection is a market differentiator, because consumers care about their data and how it is being handled by companies.

GDPR

GDPR Compliance Privacy Cloud

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

FEBRUARY 14, 2023

The vision was to automate security and compliance across 14 frameworks, including SOC 2, ISO 27001, HIPAA and GDPR. GRC Market Defies Downturn There are some powerful drivers for the compliance and security automation market. OneTrust is another company benefiting from the booming compliance market, rocketing to a $5.3

Compliance

Compliance Security Cybersecurity Marketing

UK police forces suffered more than 2,000 data breaches in 2020

IT Governance

MAY 27, 2021

For example, the report revealed that police stations suffered 299 data breaches on average between January 2016 and April 2021. Indeed, we reported in 2017 that the Metropolitan Police handed the addresses of 30,000 London gun owners to a direct mail marketing agency.

Data breaches

Data breaches Data Privacy Marketing Privacy

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

On February 10, 2021, the Council of the European Union (which includes representatives of the European Union (EU) member states, hereinafter Council) reached an agreement on the ePrivacy Regulation proposal that governs the protection of privacy and confidentiality of electronic communications services (ePrivacy Regulation).

GDPR

GDPR Metadata Communications Privacy

Belgium: ePrivacy proposal in progress: Council agrees on its position to start off ‘trilogue’ negotiations

DLA Piper Privacy Matters

FEBRUARY 16, 2021

To align with the GDPR, metadata collected for one purpose can be further processed for a compatible purpose. Compatibility is to be determined using a non-exhaustive list of criteria which resemble those of the GDPR. 6 (1)(b) GDPR added as an additional legal basis for processing metadata. Direct marketing and SPAM.

Metadata

Metadata GDPR IT Communications

France: the CNIL has released its annual dawn raid Program for 2022: three key priorities!

DLA Piper Privacy Matters

FEBRUARY 22, 2022

As a reminder, in 2021, the CNIL’s priority topics were (i) the cybersecurity of the French websites, (ii) the security of the health data and (iii) compliance with the rules applicable to cookies and other trackers further to its recommendations and guidelines released in March 2021. Direct marketing. Use of cloud computing.

IT

IT Cloud Personal data Data breaches

Schrems II moves the goalposts – better data discovery can help

Thales Cloud Protection & Licensing

APRIL 14, 2021

Thu, 04/15/2021 - 05:17. Just when you thought that you had a working solution compliant with General Data Protection Regulation (GDPR), for sharing data between EU and non-EU countries as part of your regular business communications, the Schrems II ruling appears out of nowhere and moves the goalposts! Encryption. Compliance.

GDPR

GDPR Compliance Encryption Privacy

Building cyber security careers

IT Governance

OCTOBER 21, 2021

This campaign is part of Cybersecurity Awareness Month 2021 , which is focused on empowering individuals and organisations to “own their role in protecting their part of cyberspace”. No matter what area of cyber security you move into, you will almost certainly come across the GDPR. UK skills gap. Build your cyber security career.

Security

Security Information Security GDPR Data Privacy

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

DLA Piper Privacy Matters

MAY 23, 2023

For Meta, the decision has resulted in a record administrative fine of €1.2bn, an order to suspend further transfers of EEA personal data to the US within five months, and an order to cease all unlawful processing of EEA personal data transferred to the US in violation of GDPR, within six months.

Personal data

Personal data GDPR Risk Privacy

How FIDO 2 authentication can help achieve regulatory compliance

Thales Cloud Protection & Licensing

JUNE 24, 2021

Thu, 06/24/2021 - 07:22. In the following paragraphs we will examine use cases where FIDO2 simplifies compliance with privacy and security regulations, namely GDPR, CCPA and PSD2. Compliance with GDPR and CCPA. Sarah Lefavrais | IAM Product Marketing Manager. As such, FIDO2 can become an enabler for regulatory compliance.

Authentication

Authentication Compliance Personal data GDPR

Key Takeaways From Sidley’s Privacy and Cybersecurity Monitor-Side Chat Featuring Bruno Gencarelli, Head of International Data Flows and Protection at the European Commission

Data Matters

JUNE 30, 2020

The discussion focused largely on the Commission’s report on two years of the GDPR which was issued on 24 June 2020. Key takeaways from the Sidley Monitor-Side Chat include: COVID-19 – “stress test” and a “test case” for the GDPR, DPAs and the European Data Protection Board (“EDPB”). International Transfer Mechanisms Update.

Privacy

Privacy GDPR Cybersecurity Personal data

Tentative further steps towards an agreed ePrivacy Regulation

Data Protection Report

FEBRUARY 15, 2021

On 10 February 2021, the Council of the EU’s Permanent Representatives Committee (COREPER) finally adopted an agreed position on the ePrivacy Regulation, allowing the legislation to progress to the next stage of negotiation, namely the trilogue between the Council, the European Parliament and the European Commission. Direct marketing.

Metadata

Metadata GDPR Privacy Marketing

Will this recent High Court decision reduce the number of group-litigation claims?

DLA Piper Privacy Matters

FEBRUARY 10, 2021

A judgment handed down following a costs and case management conference in Weaver [2021] EWHC 217 (QB) appears to have struck a blow to claimant solicitors seeking to pursue group-action in the UK. distress”) were made recoverable – a concept ultimately embodied in the UK-GDPR and the Data Protection Act 2018. Background.

Marketing

Marketing Data breaches GDPR Personal data

CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology

Hunton Privacy

OCTOBER 24, 2022

Clearview AI markets access to its image database, which consists of a search engine where a person can be searched by using a picture. Under the EU General Data Protection (the “GDPR”), biometric data qualifies as sensitive personal data and the processing thereof requires additional protection.

Data collection

Data collection Personal data GDPR Marketing

EU Commission Issues Draft AI Regulation

Data Matters

APRIL 23, 2021

On April 21, 2021, the European Commission ( EC ) issued its eagerly awaited draft proposal on the EU Artificial Intelligence Regulation ( Draft AI Regulation ) – the first formal legislative proposal regulating Artificial Intelligence ( AI ) on a standalone basis. Who Does the Draft AI Regulation Apply to?

Artificial Intelligence

Artificial Intelligence GDPR Risk Marketing

Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods

Data Matters

MAY 3, 2021

In March 2021, the European Commission released a proposal for the creation of a “Digital Green Certificate,” which will allow EU citizens to travel easier throughout the EU during the COVID-19 pandemic. Based on the revised text of the Council, the European Parliament is expected to adopt its position at its plenary on April 26-29, 2021.

Personal data

Personal data Data Privacy Privacy Data collection

Protecting Medical Data Against a Cyber-Attack Pandemic

Thales Cloud Protection & Licensing

AUGUST 3, 2021

Tue, 08/03/2021 - 09:44. Financially motivated actors target medical records because they are lucrative assets on the dark market. In fact, the Thales 2021 Data Threat Report reveals that: Only 33% of healthcare providers encrypt 41-50% of their data in the cloud, much better than the global 17% of survey respondents.

IoT

IoT Encryption Cloud Authentication

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

DLA Piper Privacy Matters

FEBRUARY 23, 2022

This means that the Data Act would further regulate personal data in addition to the GDPR. It would also extend certain GDPR-like obligations to non-personal data, such as data portability and data transfer restrictions for non-personal data, as well as introduce completely new rules.

GDPR

GDPR Personal data IoT Access

How can banks succeed in the digital banking era?

Thales Cloud Protection & Licensing

NOVEMBER 22, 2021

Tue, 11/23/2021 - 06:13. Digital-only banks and Fintechs are expected to grow “at a compound annual rate of about 23.41%” from 2021-2026. Digital-only banks and Fintechs are expected to grow “at a compound annual rate of about 23.41%” from 2021-2026. Marcelo DeLima | Senior Manager, Americas Channel Marketing.

Digital transformation

Digital transformation Financial Services Customer Experience Risk

Lessons on international transfers to the US to organisations caught by the GDPR

CIPL Publishes White Paper on the Interplay Between the Draft EU Digital Markets Act and the GDPR

Webinars

Trending Sources

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

Webinars

Experian’s data processing practices violate the GDPR

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

5 key privacy trends for 2021

erwin’s Predictions for 2021: Data Relevance Shines at the End of the Tunnel

Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers

Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements

Brazilian Data Protection Law Update – Delayed Enforcement, Lack of Administrative Structure, and Market Unreadiness

The bright side of data privacy compliance: 5 value-driven opportunities for retailers

CIPL Submits Response to the EDPB Guidelines on Virtual Voice Assistants

DCMS Cyber Security Breaches Survey 2021 highlights more still to be done by the majority of businesses

Rejecting cookies should be as easy as accepting cookies: new sanctions by the French authority (CNIL)

Show-me: Spanish Data Protection laws shaken by the Supreme Court

DCMS Consults on National Data Strategy

EDPB Opinion on UK Adequacy: Strong Alignment but Challenges Remain

ICO Issues Enforcement Notice Against Experian

International Data Protection Day 2022

ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers

Top GRC Tools & Software for 2021

China Passes Personal Information Protection Law

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

How encryption can help address Cloud misconfiguration

Digital Health in the UK: MHRA Bold New (Regulatory) World?

Data Beyond Borders: The Schrems II Aftermath

Automated Security and Compliance Attracts Venture Investors

UK police forces suffered more than 2,000 data breaches in 2020

EU Council Agrees on Proposed ePrivacy Regulation

Belgium: ePrivacy proposal in progress: Council agrees on its position to start off ‘trilogue’ negotiations

France: the CNIL has released its annual dawn raid Program for 2022: three key priorities!

Schrems II moves the goalposts – better data discovery can help

Building cyber security careers

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

How FIDO 2 authentication can help achieve regulatory compliance

Key Takeaways From Sidley’s Privacy and Cybersecurity Monitor-Side Chat Featuring Bruno Gencarelli, Head of International Data Flows and Protection at the European Commission

Tentative further steps towards an agreed ePrivacy Regulation

Will this recent High Court decision reduce the number of group-litigation claims?

CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology

EU Commission Issues Draft AI Regulation

Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods

Protecting Medical Data Against a Cyber-Attack Pandemic

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

How can banks succeed in the digital banking era?

Stay Connected