The destruction of the algorithm: the new sanction for breaching the GDPR?

Since 2019, The Federlñ Trade Commission (FTC) has been seeking ways to punish the new digital unfair practices, consisting on illegally obtaining personal information from Internet users and exploit it with artificial intelligence tools. In this case, the punishment ...Mehr lesen

Personal data protection in Ecuador, a few steps forward

The process of designating the Personal Data Protection Authority, the next milestone in the construction of the national data protection system in Ecuador, begins. ...Mehr lesen

CCTV monitoring and the practice of the Hungarian DPA

CCTV monitoring has long been a key field for the Hungarian DPA. The article summarizes the DPA’s practice, as well as the related latests updates. ...Mehr lesen

Schrems II resolved? Unpacking the EU-US Trans-Atlantic Data Privacy Framework

The United States and the European Commission have agreed in principle to a new Trans-Atlantic Data Privacy Framework (the ‘Framework’) to foster EU-US data flows and address the concerns raised by the Court of Justice of the European Union (‘CJEU’) in the now infamous ...Mehr lesen

Important concepts in cross-border transfer of data from China

The Data Security Law (“DSL”) and Personal Information Protection Law (“PIPL”) of mainland China, which came into force last year, play an important role in regulating data privacy in mainland China, alongside the existing Cybersecurity Law (“CSL”). These three laws ...Mehr lesen

First European Code of Conduct for the pharma industry approved

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and pharmacovigilance has been approved. The code of conduct, promoted by Farmaindustria in Spain, regulates how the promoters of clinical studies ...Mehr lesen

CNIL orders 3 websites to stop using Google Analytics

The French supervisory authority has adopted 3 formal notices against famous French websites requiring them to stop using Google Analytics because of unlawful data transfers to the United States. ...Mehr lesen

The Polish DPA rules about the right to access the personal data contained in trackers

The Polish DPA (the President of the Personal Data Protection Office, further as "the Polish DPA") has reprimanded a webiste operator for infringing article 6(1), article 15 (1) and article 15 (3) GDPR. The Polish DPA also ordered the webiste operator to erase data ...Mehr lesen

INPLP Activity Report 2021 published

The past year was immensely impactful for the INPLP and characterized by strong collaboration, hard work, continued growth of the network, and finally another physical conference in Vienna. Striving for ambitious expansion while strengthening international relations was ...Mehr lesen

The Telecommunication Telemedia Data Protection Act – a new “cookie law” for Germany

On 1 December 2021, the Telecommunication Telemedia Data Protection Act (“TTDSG”) came into effect. Amongst others, it was meant to clear up long-standing ambiguities in relation to the implementation of the EU ePrivacy Directive in Germany, particularly regarding ...Mehr lesen

Dutch GDPR class action against Oracle and Salesforce declared inadmissible

The first major GDPR class action under the Dutch Act on Mass Damages Settlement in Class Actions (WAMCA) has been declared inadmissible before a substantive assessment could take place. ...Mehr lesen

2021 in GDPR fines

The EU General Data Regulation (GDPR) is among the world's toughest data protection laws. In this article you will have a general overview about the fines imposed by control authorities in 2021. ...Mehr lesen

Bulgarian Supreme Administrative Court with Decision on Processing Data for Journalistic Purposes

Bulgarian Supreme Administrative Court issued a decision setting out criteria relevant for assessing the balance between the right to freedom of expression and information and the right to the protection of personal data. ...Mehr lesen

UK’s proposed data protection reforms - a step in the wrong direction?

The proposed reforms to data protection laws by the UK government are ones that have been longed promised in a post-Brexit world and their aim is to create an ambitious, pro-growth and innovation-friendly data protection regime. This article explores some of the key ...Mehr lesen

6th INPLP conference – great success

The 6th INPLP Conference was successfully held in Vienna under the auspices of EuroCloud Europe and organised by Sourcing International. ...Mehr lesen

Upcoming: the 6th INPLP annual conference

Vienna, Austria
19 - 21 November 2021 ...Mehr lesen

Ö-Cloud Gütesiegel geht “live”

...Mehr lesen

Die Cloud, die Gesundheit und die Bank

360° Cloud Webinar Nr. 2, 22.6.2021 um 19:00-20:00 Uhr ...Mehr lesen

Die Cloud, die Beauty und der Großkonzern

360° Cloud Webinar Nr. 1, 21.5.2021 um 14:00-15:00 Uhr ...Mehr lesen

Das Frühlingsevent von EuroCloud Swiss

Swissness in der Cloud ...Mehr lesen

Pharma IT Compliance

Die Schnittstelle von IT und Qualitätssicherung unter dynamischen Rahmenbedingungen ...Mehr lesen

Letter to the EDPB in response to the recently adopted recommendations published by the EDPB

With a letter to the European Data Protection Board (EDPB), the International Network of Privacy Law Professionals (INPLP) made use of the opportunity to provide comments on the recently adopted recommendations published by the EDPB. ...Mehr lesen

EDM erhält 4-Sterne-Zertifikat

Der Cloud-Dienst des Bundesministeriums für Klimaschutz, Umwelt, Energie, Mobilität, Innovation und Technologie (BMK) erhält zum vierten Mal das EuroCloud StarAudit-Zertifikat. Auditoren bestätigenein außerordentlich hohes Niveau in Bezug auf ...Mehr lesen

Monaco: the 2019 Report of the Personal Data Protection Authority published

The Monegasque Data Protection Authority (hereinafter “CCIN”) has just published its 11th Activity Report covering the year 2019, of which here is an overview. ...Mehr lesen

A Path Forward – Draft Guidance Published For Dealing With International Data Transfers Post-Schrems II

In the wake of the decision of the Court of Justice of the European Union (CJEU) in Schrems II, controllers and processors have been working closely with legal advisors to find a compliant way to transfer personal data outside of the European Economic Area (EEA). ...Mehr lesen

Scientific Research across Europe. Does the GDPR ensure an aligned approach?

The GDPR aims to establish a uniform legal framework applicable to the processing of personal data across Europe, while allowing Member States to legislate differently with regard to specific matters. One of those matters is the processing of personal data for scientific ...Mehr lesen

Data Privacy And Protection Regulations In Nigeria

Challenges Confronting Implementation Of Data Privacy And Protection Regulations In Nigeria ...Mehr lesen

Schrems II recommendations

Important recommendations EDPB (European Data Protection Board) after Schrems II and new standard contractual clauses ...Mehr lesen

5th annual INPLP conference

The International Network of Privacy Law Professionals hosted its 5th annual conference ...Mehr lesen

600.000 EUR fine to Google Belgium for misapplying the right to be forgotten

The right to be forgotten is one of the more complex rights in the GDPR, requiring a careful balancing of principles and interests. In a recent case before the Belgian data protection authority, Google Belgium was accused of interpreting the right too narrowly. The ...Mehr lesen

Romanian DPA fines the lack of cooperation with the supervisory authority

The Romanian Data Protection Authority ("Romanian DPA") has recently sanctioned three entities (two private companies and a homeowners association) for lack of cooperation with the supervisory authority, imposing on these entities administrative fines of EUR 2,000 ...Mehr lesen

Slovak country-wide COVID-19 testing from the perspective of personal data protection

Slovakia has recently witnessed a significant increase in the number of confirmed COVID-19 cases. The country exceeded the threshold of one thousand cases per day on Oct. 7. Only about a week later, tests revealed over 2.000 infected people per day. ...Mehr lesen

The handbook on the protection of privacy by transport entities in a digital environment in Israel

The Israeli Privacy Protection Authority published a handbook for transport entities on the protection of privacy by in a digital environment (the “Guidance”). ...Mehr lesen

GDPR versus ISO 27701

Although some jurisdiction such as EU's GDPR provide a mechanism for an organization to demonstrate its compliance to GDPR (Article 42 and 43), assessment programs representing this mechanism is not yet available. On the other hand, businesses would like to have ...Mehr lesen

Startschuss für die Arbeitsgruppensitzung zur Ö-Cloud

Das Soucing International Team, repräsentiert von Dr. Tobias Höllwarth, ist stolz von Ministerin Margarete Schramböck zum Projekt Ö-Cloud eingeladen zu sein und die Arbeitsgruppe Zertifizierung zu repräsentieren. ...Mehr lesen

Enforcement of GDPR Infringements by Third Parties – First Decision of the Austrian Supreme Court

While the GDPR deals extensively with the rights and claims of data subjects, it mainly leaves the provisions for the assertion of such claims by third parties to the member states and their courts. In a recent decision, the Austrian Supreme Court now addressed this ...Mehr lesen

Report on the State of Privacy in Slovakia

The Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as “Office”) pursuant to the provisions of § 81 para. 2, par. k) of Act no. 18/2018 Coll. on the protection of personal data and on amendments to certain acts shall submit to the ...Mehr lesen

The Danish Data Protection Agency has published new rulings regarding email encryption within the security of processing area

Article 32 of the GDPR on the security of processing has been one of the main focus areas of the Danish Data Protection Agency (the DDPA) in 2019. ...Mehr lesen

The Belgian data protection authority issues a fine for unlawful use of the national identity card as a tool for customer card enrolment

The Belgian electronic identity card system has been in vogue for a number of years now as a reliable means for electronic identification. It relies principally on the official national register number to identify citizens. Private sector use of that number is however ...Mehr lesen

StarAudit Area 7 (GDPR) becomes mandatory starting from 2020

The most recent version of the StarAudit Catalogue v4.0 (Rev. 03) will be the mandatory version to be used in audits from 2020. ...Mehr lesen

Administrative fine of 14.500.000 Euro imposed against German Real Estate Company

The Berlin Data Protection Authority has imposed an administrative fine against a Berlin real estate company for 14,5 Million euros due to violations of GDPR regulations ...Mehr lesen

Conditions for imposing administrative fines – The German Data Protection Authorities’ approach

On 16 October 2019, the German Data Protection Authorities (DPAs) published their concept of how to determine administrative fines. ...Mehr lesen

iGaming and Privacy in Malta: Tensions?

Data, and not FIAT or digital currency, is the real currency that measures the worth of a gambling operation, and the single common feature between every gaming operator. ...Mehr lesen

2-Tagestraining Cloud Qualitätssicherung

Teilnehmer von,,, und nahmen erfolgreich an einem zweitägigen Seminar zum Thema Cloud-Qualitätssicherung und Compliance teil. ...Mehr lesen

CNIL on monitoring employee software / internet use

Use of video recording of screens, coupled with recordings of telephone conversations in a professional setting, may be proportionate if used only for staff training ...Mehr lesen

New European judgment on cookies

In its recent judgment in the “Planet49 case”, the Court of Justice of the European Union (“CJEU”) held that consent for cookies cannot be lawfully established through the use of pre-ticked boxes and that clear and comprehensive information should be given to the website ...Mehr lesen

Vorgeschlagener Washington Privacy Act verstärkt Rufe nach Nationalem Gesetz

Im Fahrwasser der EU-DSGVO und des California Consumer Privacy Act (CCPA) fügt sich nun auch der Bundesstaat Washington in die wachsende Gruppe von US-Staaten, die Vorschläge für eigene Datenschutzgesetze diskutieren. Die im Januar 2019 eingebrachte Gesetzesvorlage ...Mehr lesen

If at First You GDPR, CCPA, CCPA Again

The California Consumer Privacy Act (CCPA), which takes effect in 2020, has been dubbed “GDPR-Lite” or “California GDPR” because it shares many concepts and compliance obligations with the EU General Data Protection Regulation (GDPR). Both include expanded disclosure ...Mehr lesen

Would you like some cookies?

When users browse through the internet, cookies perform multi-faceted functions for the benefit of both the webmasters and users accordingly. Following long-established privacy protections and in light of the GDPR, users browsing through the World Wide Web must be given ...Mehr lesen

Cloud als Chance – was verbindet Start-ups in der Schweiz mit der Cloud?

Wie nutzen Start-ups und Start-up-Netzwerke am Wirtschaftsstandort Schweiz die Cloud? Ist die Cloud mehr eine Chance oder nur Enabler? Dies ist im Lichte der Marktdominanz von globalen Cloud-Services-Providern wie Amazon, Alibaba, Google und Microsoft zu betrachten, die ...Mehr lesen