A new member has joined the INPLP: Bartlett D. Morgan (Barbardos)

...Mehr lesen

A new member has joined the INPLP: Laura Fannin (Ireland)

...Mehr lesen

The interplay between contractual relations and the GDPR’s security principle: A lesson from France

Security breaches and data loss are a core concern of any controller or processor. What possible avenues of redress can a Controller have when data losses are caused due to failings by its Processor? A recent case from the Lille Commercial Court in the context of the OVH ...Mehr lesen

First European Report on the Use of Cloud Computing in the Public Sector From the Privacy Perspective

The Spanish DPA (AEPD) just published the conclusions of this first European report, coordinated by the European Data Protection Board, on the use of cloud in the public sector. This article summarizes its privacy and data protection implications. ...Mehr lesen

The largest bank in Denmark - Danske Bank - is set to be fined DKK 10 million (approximately € 1.35 million)

The Danish Data Protection Authority has found that the largest bank in Denmark - Danske Bank - has failed to demonstrate that it has deleted personal data in accordance with GDPR and has therefore reported Danske Bank to the police and imposed a fine of DKK 10 million ...Mehr lesen

Data Controller Registry Requirement in Turkey

In accordance with Personal Data Protection Law No. 6698 (the “DPL”) and the Regulation on Data Controllers’ Registry (“Regulation”), data controllers must be registered with the Data Controllers’ Registry (“VERBIS”) in Turkey. There are certain thresholds in terms of ...Mehr lesen

Do you think that a black van serves only transportation purposes? Well, maybe you want to reconsider your opinion!

How Cyprus found itself in the epicenter of the spy scandal in Greece ...Mehr lesen

The lists for financial support for vulnerable categories of citizens must be removed from the web sites of the competent authorities.

The lists for financial support for vulnerable categories of citizens may be available to the public only during the duration of the deadline for submitting of an objection by the affected beneficiary ...Mehr lesen

Personal Data Protection Act: Ecuador’s Current Challenges

A highly advanced Personal Data Protection Law to become into force on May 31st 2023, brings some challenges to Ecuador’s economy while preparing for compliance. We will get into some challenges Ecuador is facing on these last months of preparations. ...Mehr lesen

The year of “Google Fonts” warning letters

Last year, there were some positive developments in related to data protection law. Unfortunately there were also bad ones in which Google Fonts were involved and had some impact on how German websites are build. ...Mehr lesen

Is There Any Legal Protection for the Personal Data of a Tourist in Nigeria?

Article 1.2 of the Nigeria Data Protection Regulation (NDPR) 2019 provides the extent and limit of the territorial application of the NDPR and NDPR Implementation Framework (Framework) 2020. According to Article 1.2(b), NDPR, applies to natural persons residing in ...Mehr lesen

The French doctrine on the use of the cloud tested against free American solutions for education

After a member of the French Parliament warned about the potential unlawfulness of using Office 365 and Google Workspace for free in schools, the French Minister of Education and Youth decided to ban their use in French schools. ...Mehr lesen

Facial Recognition Technology and Data Protection: How to comply?

The development of facial recognition technology has introduced many possibilities to increase cybersecurity, productivity, and public safety. However, the Serbian Law on Personal Data Protection calls for increased attention to compliance among both governmental and ...Mehr lesen

‘Mere Upset’ Not Sufficient for GDPR Compensation Claims

On 6 October 2022, Advocate General Manuel Campos Sánchez-Bordona issued an opinion concerning the right to compensation for non-material damage under the GDPR (the “Opinion”). The Advocate General found that data subjects are not entitled to compensation for ...Mehr lesen

Activity of the personal data supervisory authority of Monaco in 2021

The Personal Data Supervisory Authority (hereinafter "CCIN") has published its 13th Activity Report covering the year 2021. This article outlines the interventions of the CCIN regarding complaints addressed to it by data subjects (1) and the decisions of the Monegasque ...Mehr lesen

Responsible use of AI based tools in medical diagnosis and treatment – the AI sandbox

In 2021, the Norwegian Data Processing Authority (DPA) established a regulatory test environment (“sandbox”) for Artificial Intelligence (AI). The purpose of the sandbox is that companies and government agencies can collaborate with the DPA when developing and testing AI ...Mehr lesen

The Panamanian Data Protection Law

The Data Protection Law entered into force in March 2021, two years after its publication on March 29, 2019. This law -although imperfect- was a pending issue that had the Panamanian State in terms of privacy of the information of its citizens. ...Mehr lesen

Data Protection and Press Freedom in the panamanian framework

In 2022, the Panamanian Data Protection Authority sanctioned the digital media for publishing a public document without the consent. ...Mehr lesen

Transfers of personal data in early stages of technology transactions or M&As.

As part of negotiations, due diligence, preliminary reviews and analysis, a party may request or need certain information containing personal data of employees, customers, suppliers and/or business partners of other parties involved in the transaction. Below are some ...Mehr lesen

UK ICO's new approach to publishing details of complaints, breach reports and reprimands

The UK Information Commissioner's Office (ICO) has started routinely publishing information about complaints made against organisations by members of the public, self-reported data breaches and reprimands issued by the ICO. Those subject to UK GDPR should be aware of the ...Mehr lesen

Canada’s Proposed Artificial Intelligence and Data Act (AIDA)

This article summarizes the substantive highlights and legislative progress of the proposed Artificial Intelligence and Data Act (AIDA), a part of Bill C-27, which the Canadian Parliament is presently debating. ...Mehr lesen

Bulgarian DPA on the Admissibility of Ongoing Access to Municipality’s Video Surveillance

Bulgarian DPA issued an opinion on the questions from a Bulgarian City Municipality regarding requested ongoing access from the police department to the video recordings of the Municipality video surveillance system. ...Mehr lesen

Argentina - Changes in the Classification and Ranking for Infringements to the Personal Data Protection Law

Trough Resolutions No. 240/2022 and 244/2022 the Agency for Access to Public Information through Resolutions No. 240/2022 and 244/2022 amended the classification and amounts provided by Provision No. 7/2005 and E 71/2016 of the Argentine Direction for the Protection of ...Mehr lesen

A new member has joined the INPLP: Boris Kozlevcar (Slovenia)

...Mehr lesen

What information needs to provided when personal information will be processed by Artifical Intelligence?

If an entity collecting data is not fully transparent about the information that is being collected and how it will be processed and I particular when it is collected by bots or processed by Artificial Intelligence then a data subject is unable to provide the required ...Mehr lesen

Nothing about #SchremsX: What should companies do while EU bodies discuss the draft US adequacy decision?

New US adequacy draft opinion is out. Everyone is talking about #SchremsIII (and IV and X), so I will not. Instead - let's discuss what should US companies involved in EU-US transfers actually be doing now? ...Mehr lesen

Slovenia’s DPA Finds Cloud Computing Provider a (Joint) Controller of Personal Data

Slovenia’s Information Commissioner (IC) ordered a cloud computing provider (a public administration body) to enter into written arrangements with its clients, in accordance with the provisions of Article 26 of GDPR. In its view, the fact that the clients (controllers) ...Mehr lesen

Multiple online pharmacies under investigation for the use of Facebook Pixel

The Swedish Authority for Privacy Protection (“the Swedish DPA”) is currently investigating four online pharmacies in Sweden for their use of Facebook Pixels on their websites which has resulted in the transfer of personal data to Facebook. The investigations were ...Mehr lesen

Analysis of the recent activity of the Portuguese Supervisory Authority - What to expect?

It has been perceived that the sanctioning activity of the Portuguese Supervisory Authority has been fundamentally focused on public entities, which may suggest that for private companies the verification of compliance with GDPR has been less demanding. An example is the ...Mehr lesen

Das sagt der Präsident von Eurocloud Swiss über digitale Souveränität

...Mehr lesen

Biden’s Executive Order – A UK Perspective

This article discusses the content of and responses to President Biden’s executive order implementing the new EU-US Data Privacy Framework and the potential impact on UK data transfers. ...Mehr lesen

Data Act – one of the key regulation proposals for the EU data economy of the future

Data is certainly a valuable commodity for the digital economy and society. As part of the 2020 European Data Strategy, the European regulators are working to develop new rules in order to ensure greater and fairer data flows and unlock the potential and value of data ...Mehr lesen

A new member has joined the INPLP: Burak Ozdagistanli (Turkey)

...Mehr lesen

Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law: what are impacts on data protection?

Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law entered into force on 17 December 2021 in the Member States (the “whistleblowing Directive”). While the transposition ...Mehr lesen

Right of access to data: the Italian Data Protection Authority fines company 70,000 euros for failure to respond fully.

The Italian Data Protection Authority (“Garante Privacy”) has imposed a fine of 70,000 euros on a data controller for failing to provide complete, intelligible and easily accessible response to a request-submitted by one of its employees- to access to data processed as ...Mehr lesen

PPC Introducing a Data Mapping Toolkit for Privacy Protection

The Personal Information Protection Commission (“PPC”), recently published a data mapping tool kit, while using cross-border transfer of personal information as a use case. ...Mehr lesen

The 7th INPLP conference

The 7th INPLP Conference was successfully held in Vienna under the auspices of EuroCloud Europe and organised by Sourcing International. ...Mehr lesen

Copenhagen-based law firm fined for failing to implement basic security measures

A Copenhagen-based law firm has just been fined DKK 500,000, approx. EURO 67,150, for failing to implement basic security measures when setting up remote access to the firm's IT systems containing personal data of a particularly sensitive nature. Furthermore, the law ...Mehr lesen

Gaia-X Summit 2022

...Mehr lesen

Standard Contractual Clauses for Cross Border Data Transfers in Hong Kong and Mainland China

Businesses around the world now face strict rules governing the cross-border transfer of personal data. Like as has happened in Europe, the privacy authorities in Hong Kong SAR and Mainland China has been active recently in clarifying issues around cross-border data ...Mehr lesen

Modernizing Canada’s Federal Privacy Law

This article discusses Bill C-27, the recently introduced Federal legislation to update Canada’s private sector privacy law. The bill revives some aspects of the former bill (C-11), refines others, and introduces several novel provisions. ...Mehr lesen

How India’s new draft Telecom Law may impact Data Privacy

India recently released a new draft Telecommunications Bill, 2022, which is currently open to public consultation. This Bill would repeal and replace laws that are decades and in some cases, over a century old. The Bill has already been receiving some backlash against ...Mehr lesen

EU Regulators Elevate the Threshold of Compliance around Data Subject Access Requests.

The European Data Protection Board and the Irish Data Protection Commission have recently published guidelines for businesses in relation to Data Subject Access Requests ("DSARs"). Both sets of guidlines signal that high standards of compliance are expected from ...Mehr lesen

China's Measures for Security Assessment for Outbound Data Transfer

China’s Measures for Security Assessment for Outbound Data Transfer came into effect on 1 Sep 2022. The Measures require risk assessment, data transfer agreement and continuous monitoring to be conducted for organizations who transfer data (not just personal data but ...Mehr lesen

Same data protection guarantees around the world?

The privacy team of ECIX GROUP has carried out a comparative analysis focused on the existing different data protection regulations thinking in those clients of the firm with an international presence. In addition, you will have access to a map including a comparative ...Mehr lesen

A new member has joined the INPLP: Alexandra Orbezo (Peru)

...Mehr lesen

Ecuadorian Digital Transformation Policy: Data Protection implications

The current Ecuadorian government is about to issue a new digital transformation policy. Once the working tables have closed, the draft version of the policy brings some important issues that have relevant personal data protection implications as even the large-scale ...Mehr lesen

The CNIL reminds us of the rules on e-marketing and the rights of individuals

Companies have long used e-marketing to facilitate their development and attract new customers, and in our digital world, reliance on such strategies is ever-increasing. As e-marketing strategies involve the processing of personal data, unsurprisingly, e-marketing is ...Mehr lesen

The Baltic DPAs to carry out joint supervision in the field of short-term rental of vehicles

This summer, the data protection authorities (DPAs) of the three Baltic States – Estonia, Latvia and Lithuania – announced that they will carry out preventive joint supervision in the field of short-term rental of vehicles (e.g., electric scooters). The purpose of the ...Mehr lesen

A new member has joined the INPLP: Andrés Terán (Ecuador)

...Mehr lesen