Copenhagen-based law firm fined for failing to implement basic security measures

A Copenhagen-based law firm has just been fined DKK 500,000, approx. EURO 67,150, for failing to implement basic security measures when setting up remote access to the firm's IT systems containing personal data of a particularly sensitive nature. Furthermore, the law ...Mehr lesen

Gaia-X Summit 2022

...Mehr lesen

Standard Contractual Clauses for Cross Border Data Transfers in Hong Kong and Mainland China

Businesses around the world now face strict rules governing the cross-border transfer of personal data. Like as has happened in Europe, the privacy authorities in Hong Kong SAR and Mainland China has been active recently in clarifying issues around cross-border data ...Mehr lesen

Modernizing Canada’s Federal Privacy Law

This article discusses Bill C-27, the recently introduced Federal legislation to update Canada’s private sector privacy law. The bill revives some aspects of the former bill (C-11), refines others, and introduces several novel provisions. ...Mehr lesen

How India’s new draft Telecom Law may impact Data Privacy

India recently released a new draft Telecommunications Bill, 2022, which is currently open to public consultation. This Bill would repeal and replace laws that are decades and in some cases, over a century old. The Bill has already been receiving some backlash against ...Mehr lesen

EU Regulators Elevate the Threshold of Compliance around Data Subject Access Requests.

The European Data Protection Board and the Irish Data Protection Commission have recently published guidelines for businesses in relation to Data Subject Access Requests ("DSARs"). Both sets of guidlines signal that high standards of compliance are expected from ...Mehr lesen

China's Measures for Security Assessment for Outbound Data Transfer

China’s Measures for Security Assessment for Outbound Data Transfer came into effect on 1 Sep 2022. The Measures require risk assessment, data transfer agreement and continuous monitoring to be conducted for organizations who transfer data (not just personal data but ...Mehr lesen

Same data protection guarantees around the world?

The privacy team of ECIX GROUP has carried out a comparative analysis focused on the existing different data protection regulations thinking in those clients of the firm with an international presence. In addition, you will have access to a map including a comparative ...Mehr lesen

A new member has joined the INPLP: Alexandra Orbezo (Peru)

...Mehr lesen

Ecuadorian Digital Transformation Policy: Data Protection implications

The current Ecuadorian government is about to issue a new digital transformation policy. Once the working tables have closed, the draft version of the policy brings some important issues that have relevant personal data protection implications as even the large-scale ...Mehr lesen

The CNIL reminds us of the rules on e-marketing and the rights of individuals

Companies have long used e-marketing to facilitate their development and attract new customers, and in our digital world, reliance on such strategies is ever-increasing. As e-marketing strategies involve the processing of personal data, unsurprisingly, e-marketing is ...Mehr lesen

The Baltic DPAs to carry out joint supervision in the field of short-term rental of vehicles

This summer, the data protection authorities (DPAs) of the three Baltic States – Estonia, Latvia and Lithuania – announced that they will carry out preventive joint supervision in the field of short-term rental of vehicles (e.g., electric scooters). The purpose of the ...Mehr lesen

A new member has joined the INPLP: Andrés Terán (Ecuador)

...Mehr lesen

Reference to trade secret outruled as a reason to deny access to voice recordings in Hungary

The Hungarian data protection authority confirmed in a new case that the controller cannot block access to voice recordings by customers by referring to trade secret rules and highlighted the importance to correctly assessing the information in each case a customer ...Mehr lesen

The Metaverse and privacy: guidance by the spanish data protection authority

The Metaverse uses a variety of technologies such as AR and VR, DLTs (Blockchain), AI, IoT, IoRT, 5G, that enable the creation of immersive virtual environments and generate a multisensory experience for the user within the framework of web 3.0. Brands, firms and ...Mehr lesen

Careful where you point that thing: the right to be forgotten is picky when it comes to targeting

The right to be forgotten is one of the most frequently referenced and misunderstood parts of the GDPR. Like most data subject rights, its actual value is very relative and varies from case to case. A recent decision from the Belgian data protection authority reminds us ...Mehr lesen

Data Protection Law and the culture change in the laboral routines of companies: the use of the data protection theme as a strategic tool

Despite being clear that Brazil’s Data Protection Law (”LGPD”) applies to employment relationships, it is not usual to discuss the practical conduct that should already have been adopted by Brazilian companies in order to be compliant with the legislation from a labor ...Mehr lesen

Gaia-x Summit22 Paris

Das Gaia-X Summit ist die größte und jährlich stattfindende Veranstaltung der Gaia-X AISBL. Es findet von 17. bis 18. November in Paris statt. ...Mehr lesen

FOUR YEARS OF GDPR: The Danish approach to data protection, or absence thereof?

25th May 2022 marked the 4th anniversary of the entry into force of the General Data Protection Regulation (GDPR) and the announcement of sanctions with a deterrent effect. However, the obligation to issue fines that are effective, proportionate and dissuasive has not ...Mehr lesen

Bulgarian PDPC adopted a list of processing operations requiring prior consultation

Bulgarian PDPC has adopted a list of processing operations that require prior consultation which is addressed to the authorities subject to Directive (EU) 2016/680. This list does not directly applies to the accitvities of the controllers and processors subject to GDPR, ...Mehr lesen

Gaia-X Hub Austria am European Forum Alpbach

...Mehr lesen

Largest cyber attack in the history of Costa Rica: Does the state of emergency continue?

On May 11, 2022, the Costa Rican government declared a National State of Emergency throughout the public sector for cybercrimes suffered by various public institutions (Executive Decree 43542-MP-MICITT). Two international cybercriminal organizations claimed ...Mehr lesen

The Annual Report for 2021 of the Macedonian Personal Data Protection Agency is released

Compared to the previous year, the number of supervisions carried out in 2021 by the Macedonian Personal Data Protection Agency is increased by 29%. ...Mehr lesen

A brief overview of the legal framework for the use of cookies on websites in Austria

The question of cookies and data protection is always present, but what are cookies, are they always person-related, what is the legal framework for the use of cookies and how must a cookie banner be designed? The Austrian DPA has already examined these questions. ...Mehr lesen

Gaia-X Hub Austria @ EFA

Daten-Souveränität für eine nachhaltig wettbewerbsfähige Gesellschaft: Wie kann Gaia-X den österreichischen Unternehmen und dem Digitalstandort Österreich helfen? ...Mehr lesen

Use of Google analytics (still) breaches the GDPR – austrian data protection authority rejects risk based approach

The Austrian Data Protection Authority (DPA) decided in another decision (22nd of April 2022, D155.026, 2022-0.298.191) that the use of Google Analytics (GA) is (still) violating the GDPR. The DPA held that the transfer of personal data to the US in light of the Schrems ...Mehr lesen

Klarna Bank AB - the importance of transparency in privacy notices

Earlier this spring, the Swedish Authority for Privacy Protection issued an administrative fine of approximately EUR 724 000 against Klarna Bank AB, a global leading FinTech and payments company, following their investigation of the company, which showed that Klarna did ...Mehr lesen

Can an employer ask the candidate to provide him with a court certificate that criminal proceedings are not being conducted against him

When establishing an employment relationship, employers often ask the candidates for a court confirmation that no criminal proceedings are being conducted against them. The adoption of the new Data Protection Law in Serbia has raised the question whether such a request ...Mehr lesen

Gaia-X Hub Austria entering its next operational phase

...Mehr lesen

A new member has joined the INPLP: Fabian Solis (Costa Rica)

...Mehr lesen

Gaia-X Austria stakeholder meeting in Vienna

...Mehr lesen

Finding a balance between fighting crime and privacy – the use of metadata

Last April, the Portuguese Constitutional Court declared unconstitutional the provisions of articles 4, 6, and 9 of Law 32/2008 of July 17, which transposed into Portuguese law Directive 2006/24/EC of March 15, on the retention of data generated or processed in ...Mehr lesen

Can audio surveillance be justified?

At the end of 2021, the Estonian Data Protection Inspectorate (DPA) issued a precept to a gas station using audio surveillance in its service stations, requiring them to, among other things, stop using audio surveillance. In the DPA’s opinion, audio surveillance could ...Mehr lesen

China’s New Regulations on Controlling Algorithmic Recommendations in Applications

The Cyberspace Administration of China (CAC) has circulated the Regulations on the Management of Algorithm Recommendations for Internet Information Services Provisions") since August 2021. The Regulations has been put in effect on 1 Mar 2022. The enactment of the ...Mehr lesen

Three criteria for the elaboration of the Regulation to the Ecuadorian data protection law

Ecuador continues to build its personal data protection system, for which those responsible for developing the regulation must properly understand and apply the criteria of the regulatory model that was assumed with the Personal Data Protection Law. Abstraction and ...Mehr lesen

Unpacking the New Privacy Regime in India: The When, Who, What, and How?

The new Indian Privacy law mimics GDPR when it requires a ‘privacy by design’ architecture, sets up a central data protection authority, and mandates heavy fines for non-compliance! And, if this new bill has even a fraction of the seminal impact that GDPR had on European ...Mehr lesen

The destruction of the algorithm: the new sanction for breaching the GDPR?

Since 2019, The Federlñ Trade Commission (FTC) has been seeking ways to punish the new digital unfair practices, consisting on illegally obtaining personal information from Internet users and exploit it with artificial intelligence tools. In this case, the punishment ...Mehr lesen

Personal data protection in Ecuador, a few steps forward

The process of designating the Personal Data Protection Authority, the next milestone in the construction of the national data protection system in Ecuador, begins. ...Mehr lesen

CCTV monitoring and the practice of the Hungarian DPA

CCTV monitoring has long been a key field for the Hungarian DPA. The article summarizes the DPA’s practice, as well as the related latests updates. ...Mehr lesen

Schrems II resolved? Unpacking the EU-US Trans-Atlantic Data Privacy Framework

The United States and the European Commission have agreed in principle to a new Trans-Atlantic Data Privacy Framework (the ‘Framework’) to foster EU-US data flows and address the concerns raised by the Court of Justice of the European Union (‘CJEU’) in the now infamous ...Mehr lesen

Important concepts in cross-border transfer of data from China

The Data Security Law (“DSL”) and Personal Information Protection Law (“PIPL”) of mainland China, which came into force last year, play an important role in regulating data privacy in mainland China, alongside the existing Cybersecurity Law (“CSL”). These three laws ...Mehr lesen

First European Code of Conduct for the pharma industry approved

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and pharmacovigilance has been approved. The code of conduct, promoted by Farmaindustria in Spain, regulates how the promoters of clinical studies ...Mehr lesen

CNIL orders 3 websites to stop using Google Analytics

The French supervisory authority has adopted 3 formal notices against famous French websites requiring them to stop using Google Analytics because of unlawful data transfers to the United States. ...Mehr lesen

The Polish DPA rules about the right to access the personal data contained in trackers

The Polish DPA (the President of the Personal Data Protection Office, further as "the Polish DPA") has reprimanded a webiste operator for infringing article 6(1), article 15 (1) and article 15 (3) GDPR. The Polish DPA also ordered the webiste operator to erase data ...Mehr lesen

INPLP Activity Report 2021 published

The past year was immensely impactful for the INPLP and characterized by strong collaboration, hard work, continued growth of the network, and finally another physical conference in Vienna. Striving for ambitious expansion while strengthening international relations was ...Mehr lesen

The Telecommunication Telemedia Data Protection Act – a new “cookie law” for Germany

On 1 December 2021, the Telecommunication Telemedia Data Protection Act (“TTDSG”) came into effect. Amongst others, it was meant to clear up long-standing ambiguities in relation to the implementation of the EU ePrivacy Directive in Germany, particularly regarding ...Mehr lesen

Dutch GDPR class action against Oracle and Salesforce declared inadmissible

The first major GDPR class action under the Dutch Act on Mass Damages Settlement in Class Actions (WAMCA) has been declared inadmissible before a substantive assessment could take place. ...Mehr lesen

2021 in GDPR fines

The EU General Data Regulation (GDPR) is among the world's toughest data protection laws. In this article you will have a general overview about the fines imposed by control authorities in 2021. ...Mehr lesen

Bulgarian Supreme Administrative Court with Decision on Processing Data for Journalistic Purposes

Bulgarian Supreme Administrative Court issued a decision setting out criteria relevant for assessing the balance between the right to freedom of expression and information and the right to the protection of personal data. ...Mehr lesen

UK’s proposed data protection reforms - a step in the wrong direction?

The proposed reforms to data protection laws by the UK government are ones that have been longed promised in a post-Brexit world and their aim is to create an ambitious, pro-growth and innovation-friendly data protection regime. This article explores some of the key ...Mehr lesen