Klarna Bank AB - the importance of transparency in privacy notices

Earlier this spring, the Swedish Authority for Privacy Protection issued an administrative fine of approximately EUR 724 000 against Klarna Bank AB, a global leading FinTech and payments company, following their investigation of the company, which showed that Klarna did ...Mehr lesen

Can an employer ask the candidate to provide him with a court certificate that criminal proceedings are not being conducted against him, when establishing an employment relationship?

When establishing an employment relationship, employers often ask the candidates for a court confirmation that no criminal proceedings are being conducted against them. The adoption of the new Data Protection Law in Serbia has raised the question whether such a request ...Mehr lesen

Gaia-X Hub Austria entering its next operational phase

...Mehr lesen

Gaia-X Austria stakeholder meeting in Vienna

...Mehr lesen

Finding a balance between fighting crime and privacy – the use of metadata

Last April, the Portuguese Constitutional Court declared unconstitutional the provisions of articles 4, 6, and 9 of Law 32/2008 of July 17, which transposed into Portuguese law Directive 2006/24/EC of March 15, on the retention of data generated or processed in ...Mehr lesen

Can audio surveillance be justified?

At the end of 2021, the Estonian Data Protection Inspectorate (DPA) issued a precept to a gas station using audio surveillance in its service stations, requiring them to, among other things, stop using audio surveillance. In the DPA’s opinion, audio surveillance could ...Mehr lesen

China’s New Regulations on Controlling Algorithmic Recommendations in Applications

The Cyberspace Administration of China (CAC) has circulated the Regulations on the Management of Algorithm Recommendations for Internet Information Services Provisions") since August 2021. The Regulations has been put in effect on 1 Mar 2022. The enactment of the ...Mehr lesen

Three criteria for the elaboration of the Regulation to the Ecuadorian data protection law

Ecuador continues to build its personal data protection system, for which those responsible for developing the regulation must properly understand and apply the criteria of the regulatory model that was assumed with the Personal Data Protection Law. Abstraction and ...Mehr lesen

Unpacking the New Privacy Regime in India: The When, Who, What, and How?

The new Indian Privacy law mimics GDPR when it requires a ‘privacy by design’ architecture, sets up a central data protection authority, and mandates heavy fines for non-compliance! And, if this new bill has even a fraction of the seminal impact that GDPR had on European ...Mehr lesen

The destruction of the algorithm: the new sanction for breaching the GDPR?

Since 2019, The Federlñ Trade Commission (FTC) has been seeking ways to punish the new digital unfair practices, consisting on illegally obtaining personal information from Internet users and exploit it with artificial intelligence tools. In this case, the punishment ...Mehr lesen

Personal data protection in Ecuador, a few steps forward

The process of designating the Personal Data Protection Authority, the next milestone in the construction of the national data protection system in Ecuador, begins. ...Mehr lesen

CCTV monitoring and the practice of the Hungarian DPA

CCTV monitoring has long been a key field for the Hungarian DPA. The article summarizes the DPA’s practice, as well as the related latests updates. ...Mehr lesen

Schrems II resolved? Unpacking the EU-US Trans-Atlantic Data Privacy Framework

The United States and the European Commission have agreed in principle to a new Trans-Atlantic Data Privacy Framework (the ‘Framework’) to foster EU-US data flows and address the concerns raised by the Court of Justice of the European Union (‘CJEU’) in the now infamous ...Mehr lesen

Important concepts in cross-border transfer of data from China

The Data Security Law (“DSL”) and Personal Information Protection Law (“PIPL”) of mainland China, which came into force last year, play an important role in regulating data privacy in mainland China, alongside the existing Cybersecurity Law (“CSL”). These three laws ...Mehr lesen

First European Code of Conduct for the pharma industry approved

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and pharmacovigilance has been approved. The code of conduct, promoted by Farmaindustria in Spain, regulates how the promoters of clinical studies ...Mehr lesen

CNIL orders 3 websites to stop using Google Analytics

The French supervisory authority has adopted 3 formal notices against famous French websites requiring them to stop using Google Analytics because of unlawful data transfers to the United States. ...Mehr lesen

The Polish DPA rules about the right to access the personal data contained in trackers

The Polish DPA (the President of the Personal Data Protection Office, further as "the Polish DPA") has reprimanded a webiste operator for infringing article 6(1), article 15 (1) and article 15 (3) GDPR. The Polish DPA also ordered the webiste operator to erase data ...Mehr lesen

INPLP Activity Report 2021 published

The past year was immensely impactful for the INPLP and characterized by strong collaboration, hard work, continued growth of the network, and finally another physical conference in Vienna. Striving for ambitious expansion while strengthening international relations was ...Mehr lesen

The Telecommunication Telemedia Data Protection Act – a new “cookie law” for Germany

On 1 December 2021, the Telecommunication Telemedia Data Protection Act (“TTDSG”) came into effect. Amongst others, it was meant to clear up long-standing ambiguities in relation to the implementation of the EU ePrivacy Directive in Germany, particularly regarding ...Mehr lesen

Dutch GDPR class action against Oracle and Salesforce declared inadmissible

The first major GDPR class action under the Dutch Act on Mass Damages Settlement in Class Actions (WAMCA) has been declared inadmissible before a substantive assessment could take place. ...Mehr lesen

2021 in GDPR fines

The EU General Data Regulation (GDPR) is among the world's toughest data protection laws. In this article you will have a general overview about the fines imposed by control authorities in 2021. ...Mehr lesen

Bulgarian Supreme Administrative Court with Decision on Processing Data for Journalistic Purposes

Bulgarian Supreme Administrative Court issued a decision setting out criteria relevant for assessing the balance between the right to freedom of expression and information and the right to the protection of personal data. ...Mehr lesen

UK’s proposed data protection reforms - a step in the wrong direction?

The proposed reforms to data protection laws by the UK government are ones that have been longed promised in a post-Brexit world and their aim is to create an ambitious, pro-growth and innovation-friendly data protection regime. This article explores some of the key ...Mehr lesen

6th INPLP conference – great success

The 6th INPLP Conference was successfully held in Vienna under the auspices of EuroCloud Europe and organised by Sourcing International. ...Mehr lesen

Upcoming: the 6th INPLP annual conference

Vienna, Austria
19 - 21 November 2021 ...Mehr lesen

Ö-Cloud Gütesiegel geht “live”

...Mehr lesen

Die Cloud, die Gesundheit und die Bank

360° Cloud Webinar Nr. 2, 22.6.2021 um 19:00-20:00 Uhr ...Mehr lesen

Die Cloud, die Beauty und der Großkonzern

360° Cloud Webinar Nr. 1, 21.5.2021 um 14:00-15:00 Uhr ...Mehr lesen

Das Frühlingsevent von EuroCloud Swiss

Swissness in der Cloud ...Mehr lesen

Pharma IT Compliance

Die Schnittstelle von IT und Qualitätssicherung unter dynamischen Rahmenbedingungen ...Mehr lesen

Letter to the EDPB in response to the recently adopted recommendations published by the EDPB

With a letter to the European Data Protection Board (EDPB), the International Network of Privacy Law Professionals (INPLP) made use of the opportunity to provide comments on the recently adopted recommendations published by the EDPB. ...Mehr lesen

EDM erhält 4-Sterne-Zertifikat

Der Cloud-Dienst des Bundesministeriums für Klimaschutz, Umwelt, Energie, Mobilität, Innovation und Technologie (BMK) erhält zum vierten Mal das EuroCloud StarAudit-Zertifikat. Auditoren bestätigenein außerordentlich hohes Niveau in Bezug auf ...Mehr lesen

Monaco: the 2019 Report of the Personal Data Protection Authority published

The Monegasque Data Protection Authority (hereinafter “CCIN”) has just published its 11th Activity Report covering the year 2019, of which here is an overview. ...Mehr lesen

A Path Forward – Draft Guidance Published For Dealing With International Data Transfers Post-Schrems II

In the wake of the decision of the Court of Justice of the European Union (CJEU) in Schrems II, controllers and processors have been working closely with legal advisors to find a compliant way to transfer personal data outside of the European Economic Area (EEA). ...Mehr lesen

Scientific Research across Europe. Does the GDPR ensure an aligned approach?

The GDPR aims to establish a uniform legal framework applicable to the processing of personal data across Europe, while allowing Member States to legislate differently with regard to specific matters. One of those matters is the processing of personal data for scientific ...Mehr lesen

Data Privacy And Protection Regulations In Nigeria

Challenges Confronting Implementation Of Data Privacy And Protection Regulations In Nigeria ...Mehr lesen

Schrems II recommendations

Important recommendations EDPB (European Data Protection Board) after Schrems II and new standard contractual clauses ...Mehr lesen

5th annual INPLP conference

The International Network of Privacy Law Professionals hosted its 5th annual conference ...Mehr lesen

600.000 EUR fine to Google Belgium for misapplying the right to be forgotten

The right to be forgotten is one of the more complex rights in the GDPR, requiring a careful balancing of principles and interests. In a recent case before the Belgian data protection authority, Google Belgium was accused of interpreting the right too narrowly. The ...Mehr lesen

Romanian DPA fines the lack of cooperation with the supervisory authority

The Romanian Data Protection Authority ("Romanian DPA") has recently sanctioned three entities (two private companies and a homeowners association) for lack of cooperation with the supervisory authority, imposing on these entities administrative fines of EUR 2,000 ...Mehr lesen

Slovak country-wide COVID-19 testing from the perspective of personal data protection

Slovakia has recently witnessed a significant increase in the number of confirmed COVID-19 cases. The country exceeded the threshold of one thousand cases per day on Oct. 7. Only about a week later, tests revealed over 2.000 infected people per day. ...Mehr lesen

The handbook on the protection of privacy by transport entities in a digital environment in Israel

The Israeli Privacy Protection Authority published a handbook for transport entities on the protection of privacy by in a digital environment (the “Guidance”). ...Mehr lesen

GDPR versus ISO 27701

Although some jurisdiction such as EU's GDPR provide a mechanism for an organization to demonstrate its compliance to GDPR (Article 42 and 43), assessment programs representing this mechanism is not yet available. On the other hand, businesses would like to have ...Mehr lesen

Startschuss für die Arbeitsgruppensitzung zur Ö-Cloud

Das Soucing International Team, repräsentiert von Dr. Tobias Höllwarth, ist stolz von Ministerin Margarete Schramböck zum Projekt Ö-Cloud eingeladen zu sein und die Arbeitsgruppe Zertifizierung zu repräsentieren. ...Mehr lesen

Enforcement of GDPR Infringements by Third Parties – First Decision of the Austrian Supreme Court

While the GDPR deals extensively with the rights and claims of data subjects, it mainly leaves the provisions for the assertion of such claims by third parties to the member states and their courts. In a recent decision, the Austrian Supreme Court now addressed this ...Mehr lesen

Report on the State of Privacy in Slovakia

The Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as “Office”) pursuant to the provisions of § 81 para. 2, par. k) of Act no. 18/2018 Coll. on the protection of personal data and on amendments to certain acts shall submit to the ...Mehr lesen

The Danish Data Protection Agency has published new rulings regarding email encryption within the security of processing area

Article 32 of the GDPR on the security of processing has been one of the main focus areas of the Danish Data Protection Agency (the DDPA) in 2019. ...Mehr lesen

The Belgian data protection authority issues a fine for unlawful use of the national identity card as a tool for customer card enrolment

The Belgian electronic identity card system has been in vogue for a number of years now as a reliable means for electronic identification. It relies principally on the official national register number to identify citizens. Private sector use of that number is however ...Mehr lesen

StarAudit Area 7 (GDPR) becomes mandatory starting from 2020

The most recent version of the StarAudit Catalogue v4.0 (Rev. 03) will be the mandatory version to be used in audits from 2020. ...Mehr lesen

Administrative fine of 14.500.000 Euro imposed against German Real Estate Company

The Berlin Data Protection Authority has imposed an administrative fine against a Berlin real estate company for 14,5 Million euros due to violations of GDPR regulations ...Mehr lesen