Access, Data collection, Government and Personal data

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

On 11 August 2023, India’s long-awaited law governing data protection – the Digital Personal Data Protection Act, 2023 ( DPDP Act ) – received the President’s assent and was published in the official gazette the following day. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. The complaint alleged that the company’s data handling practices also resulted in unauthorized disclosures of personal information.

Personal data

Personal data Privacy Information governance Compliance

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

TikTok sued over its use of children’s personal data

IT Governance

APRIL 22, 2021

TikTok is again being accused of illegally processing children’s personal data. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for. TikTok has continually defended the way it processes children’s personal data.

Personal data

Personal data IT GDPR Privacy

Singapore Releases New Guidelines on the Use of Personal Data in AI Systems

Data Protection Report

MARCH 25, 2024

On 1 March 2024, Singapore’s Personal Data Protection Commission ( PDPC ) issued the Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems ( AI Advisory Guidelines ). Our blog post on the public consultation for the draft AI Advisory Guidelines can be accessed here.

Personal data

Personal data B2C B2B Data collection

Two FTC complaints that over-retention of personal data violates Section 5

Data Protection Report

FEBRUARY 13, 2024

In both cases, the FTC’s complaint alleged that the companies retained personal data for longer than was necessary, and that conduct violated Section 5 of the Federal Trade Commission Act as an unfair act or practice. Under the proposed consent orders, both companies do not confirm or deny the allegations. Complaint at ¶¶ 18-19).

Personal data

Personal data Privacy Marketing Data collection

Coronavirus app: will Australians trust a government with a history of tech fails and data breaches?

The Guardian Data Protection

APRIL 25, 2020

But it’s an uphill battle due to a long history of secrecy and failures to live up to promises on security and privacy of Australians’ data. Only the health officers in your state will be able to access the unencrypted data. All the data will be deleted on the government’s server at the end of the pandemic.

Government

Government Data breaches Data collection Privacy

Privacy in an open-data world: Why government agencies need to be proactive

Collibra

JUNE 23, 2023

Government agencies — from DC to Duluth, NYC to LA — are struggling. The ever-growing digitalization of our world has raised significant concerns about data privacy and security, particularly for agencies that manage and process sensitive and confidential information. There’s no going back. They must choose both.

Privacy

Privacy Government Data Privacy Data breaches

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Hunton Privacy

MAY 17, 2023

On May 4, 2023, the Florida Senate and House of Representatives voted in favor of sending the Florida Digital Bill of Rights (“FDBR”) and other amendments related to government moderation of social media and protection of children in online spaces ( S.B. Government Moderation of Social Media S.B. Related Statutory Amendments in S.B.

Privacy

Privacy Personal data Sales Government

Data: A New Direction or Misdirection? ICO Responds to UK Government Consultation on Its Proposed New Data Protection Regime

Data Matters

OCTOBER 26, 2021

The ICO’s response to the UK government’s proposals further presents another pivotal moment for UK data protection law. Being the UK’s lead regulator, the ICO’s response is significant and the UK government will need to take into account its responses before draft legislation takes shape.

Government

Government GDPR IT Personal data

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

These are just some examples of how organizations support data privacy , the principle that people should have control of their personal data, including who can see it, who can collect it, and how it can be used. One cannot overstate the importance of data privacy for businesses today.

Data Privacy

Data Privacy Privacy GDPR Personal data

Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements

Hunton Privacy

JANUARY 24, 2022

On August 17, 2020, NOYB filed 101 identical complaints before 30 European Economic Area (“EEA”) data protection authorities regarding the use of Google Analytics and Facebook Connect by various companies. The complaints related to the question of whether transfers of EU personal data to Google and Facebook in the U.S.

Analytics

Analytics GDPR Personal data Data collection

More New York SHIELD Act guidance

Data Protection Report

JULY 12, 2022

In brief, on April 5, 2021, a security researcher contacted Wegmans about a serious flaw the left some of Wegmans’ customers’ personal data available to the public. During its investigation, Wegmans found a second misconfigured container, which was also open to public access.

Passwords

Passwords Data collection Personal data Cloud

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. A data subject is the human being who owns the data.

GDPR

GDPR Compliance Personal data Privacy

CHINA: Clarifications of data classification and grading requirements

DLA Piper Privacy Matters

OCTOBER 3, 2022

Given data classification and grading are mandatory requirements under the Data Security Law and Personal Information Protection Law, organisations should prioritise understanding their data collected and data processing activities within the coming months. Data classification. Next Steps.

Data collection

Data collection Personal data Access Compliance

Maybe This Time : Federal Government Proposes the American Data Privacy and Protection Act

Data Protection Report

JUNE 8, 2022

Moreover, the ADPPA requires companies to minimize their data collection practices to only collecting data that is necessary to the functioning of their businesses. Under the existing draft bill, users would also have the right to correct, access, or erase their own data.

Data Privacy

Data Privacy Privacy Government Data collection

European Commission Publishes Draft of New Standard Contractual Clauses

Hunton Privacy

NOVEMBER 13, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”), along with its draft set of new standard contractual clauses (the “SCCs”). Key Takeaways.

Personal data

Personal data GDPR Data collection Access

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR

GDPR Compliance Personal data Privacy

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

To fulfill these principles, data protection strategies generally focus on the following three areas: Data security —protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. Data breach victims also frequently face steep regulatory fines or legal penalties.

Data breaches

Data breaches GDPR Compliance Encryption

CJEU rules that Privacy Rights Outweigh AML Requirements

DLA Piper Privacy Matters

DECEMBER 1, 2022

Two different Luxembourg-based companies, and their beneficial owners, brought actions before the Luxembourg District Court arguing that the general public’s access to the information should be restricted, because the disclosure would create a disproportionate risk of interference with the fundamental rights of the beneficial owners.

Privacy

Privacy Personal data Risk Data collection

Privacy in a Parallel Digital Universe: The Metaverse

Data Protection Report

JANUARY 25, 2022

One aspect of the metaverse that raises privacy concerns is the vast amount of personal data that may be collected on participating individuals. Companies can monitor physiological responses and biometric data such as facial expressions, vocal inflections, and vital signs in real time while participants are in their metaverse.

Privacy

Privacy Artificial Intelligence Personal data Data collection

HONG KONG: Increased Enforcement Action?

DLA Piper Privacy Matters

NOVEMBER 17, 2022

On 14 November 2022, the Office of the Privacy Commissioner for Personal Data (“PCPD”) published two investigation reports for non-compliance of the Personal Data (Privacy) Ordinance (“PDPO”): EC Healthcare’s failure to obtain consent for the use, disclosure, and transfer of patient’s personal data across its group entities; and.

Personal data

Personal data Data Privacy Compliance Privacy

FRANCE: The CNIL provides further insights following its formal notices against the use of Google Analytics

DLA Piper Privacy Matters

JUNE 13, 2022

The s upplementary measures implemented by Google – whether contractual, organizational, or technical – are ineffective against access requests by US intelligence services. The setup of Google Analytics does not prevent the transfer of personal data outside the EU since all personal data collected via Google Analytics is hosted in the US.

Analytics

Analytics IT Personal data Encryption

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

DLA Piper Privacy Matters

NOVEMBER 16, 2021

The draft Network Data Security Management Regulation (“ Draft Regulation ”) was published for consultation on 14 November 2021, and is very wide-ranging in the compliance areas covered. This is a significant reminder to organisations to start data mapping and assessment of all China data sooner rather than later.

Compliance

Compliance Personal data Security Risk

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies.

GDPR

GDPR Personal data Data collection Marketing

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

Notification processes in the event of personal data breach. Subject to specific circumstances data controllers and processors may be required to conduct a privacy impact assessment.

GDPR

GDPR Compliance Data collection Privacy

European Commission Publishes Details of its Forthcoming Data Act

Data Matters

JUNE 18, 2021

The European Commission has formally launched its legislative initiative aimed at increasing access to and further use of data, so that more public and private actors can benefit from technologies such as Big Data and machine learning. a more flexible framework for access and use of private data sources by public bodies; b.

IT

IT Cloud Big data Personal data

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Data Protection Report

JANUARY 20, 2020

In addition, 2019 saw regulators publishing findings in respect of some of the largest data incidents of 2018. Singapore’s Personal Data Protection Commission (“ PDPC ”) imposed the highest fines to date in respect of a cyber-attack on SingHealth’s patient database system affecting 1.5 million patients.

Personal data

Personal data Security Data Privacy GDPR

China’s Data Privacy Law Poses Challenge for International Companies

eSecurity Planet

DECEMBER 1, 2021

China’s Personal Information and Privacy Law (PIPL), enacted early last month, is designed to give more than 1.4 billion people greater control over the data collected by private companies and what those companies can do with the data while preserving the Chinese government’s broad access to their citizens’ personal information.

Data Privacy

Data Privacy Privacy GDPR Data collection

European Union Agrees to Access by U.S. Anti-Terrorism Authorities to Personal Data in Europe

Hunton Privacy

DECEMBER 1, 2009

anti-terrorism authorities access to financial data of individuals located in the EU under certain circumstances. The agreement contains restrictions on access to the data that have been negotiated between the EU and the U.S. ( authorities will not have access to data concerning intra-European transactions; and U.S.

Personal data

Personal data Access Data collection Government

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

Level 3: personal financial information. Level 4: payments data. Level 5: important data. Different compliance obligations – relating to data collection, use, storage, transfer, deletion and general security, i.e. throughout the lifecycle of the data – are specified for each level of data.

Compliance

Compliance Security Financial Services Data collection

DCMS Consults on National Data Strategy

Hunton Privacy

SEPTEMBER 15, 2021

On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport (“DCMS”) launched a consultation on its proposed reforms to the UK data protection regime. Organizations are encouraged to provide input on a range of data protection proposals, some of which are outlined below.

GDPR

GDPR Personal data Risk Communications

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

Essential guidance for employers implementing COVID-19 measures at the workplace

Data Protection Report

SEPTEMBER 16, 2021

As Singapore moves towards living with COVID-19 as an endemic disease, the Government has issued guidance for employers on the COVID-19 measures to be implemented at the workplace. PDPC advisory on the collection of personal data at the workplace for COVID-19 contact tracing.

Personal data

Personal data Data collection Risk Access

The EU’s Highest Court Announces Significant Decision Regarding Cross-Border Data Flows: Invalidates EU-US Privacy Shield Program and Upholds Standard Contractual Clauses

Data Matters

JULY 18, 2020

While the Privacy Shield program and SCCs are not the only approved legal transfer mechanisms under the GDPR, they are, perhaps, the most widely-used, and as result, a key facilitator of international trade and cross-border data flows (particularly, on either side of the Atlantic).

Privacy

Privacy Personal data GDPR Data Privacy

StopCovid: the French contact-tracing app

Data Protection Report

MAY 4, 2020

Following the example of many European countries, the French government plans to introduce a contact tracing app, known as “StopCovid”. No personal data is transferred between any two smartphones and no directly personally identifiable data is transferred to the central server. public transport).

Risk

Risk Personal data GDPR Compliance

China’s First Data Protection Measures Lifting Its Veils

HL Chronicle of Data Protection

JUNE 13, 2019

The scope of application of the Data Security Measures. The data covered by the Data Security Measures includes personal data and important data. Requirements for personal data collection statements. Other items required by laws and administrative regulations.

Personal data

Personal data IT Data collection Compliance

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

NOVEMBER 14, 2018

Responsibilities of the data controller. A data controller takes top-level responsibility for data collection. If you have the authority to determine that information needs to be collected, you are a data controller. How long to retain the data or whether to make non-routine amendments to the data.

GDPR

GDPR Retail Data collection Personal data

Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities

Data Protection Report

OCTOBER 18, 2022

In particular, the CJEU found that: US surveillance laws [2] do not limit access to data for surveillance purposes to what is “necessary and proportionate”; and. EU data subjects are not granted actionable redress in the courts against US authorities, meaning that EU data subjects therefore have no rights to effective remedy.

Personal data

Personal data Privacy Risk Government

Examples of data processing activities that require a DPIA

IT Governance

JUNE 19, 2019

Likewise, a retailer might use personal data collected about an individual to provide targeted ads. Note that the processing must also be extensive (continual monitoring as opposed to occasional checks) and have significant effects (the data reveals something sensitive about the individual). Data matching.

GDPR

GDPR Personal data Risk Data breaches

Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon

Data Matters

SEPTEMBER 28, 2021

Eric Meyer, Chief Technologist of the FTC, spoke about the FTC’s role in combatting data abuse, and referenced potential approaches to penalties, including forced disclosure of algorithms used to wrongly retrieve data and potential internet access bans.

Privacy

Privacy Security IoT Data breaches

The servant of two masters: ICO and OFCOM Joint Statement on Online Safety and Data Protection – coordination so service providers can comply with both

Data Protection Report

DECEMBER 1, 2022

Balancing online safety and data protection risks. Under the Online Safety Bill, online service providers will be required to mitigate the spread of harmful content and ensure appropriate measures are in place to limit access to age-restricted content. generally not allowed without a separate further consent).

Personal data

Personal data Compliance Privacy Risk

U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process

Data Matters

DECEMBER 9, 2021

ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities. ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary. the scope and sensitivity of the data collected.

Communications

Communications Manufacturing Data collection Risk

Dutch DPA Publishes Post-GDPR Complaints Report

Hunton Privacy

DECEMBER 18, 2018

On December 13, 2018, the Dutch Data Protection Authority (“ Autoriteit Persoonsgegevens ”) (the “Dutch DPA”) published a report on the complaints it has received since the EU General Data Protection Regulation (“GDPR”) became applicable on May 25, 2018 (the “Report”). View the Report and the press release (in Dutch).

GDPR

GDPR Personal data Data collection Business Services

India: New Digital Personal Data Protection Act, Start Planning Now.

$10,000,000 civil penalty for disclosing personal data without consent

Webinars

Trending Sources

When are schools required to report personal data breaches?

Webinars

TikTok sued over its use of children’s personal data

Singapore Releases New Guidelines on the Use of Personal Data in AI Systems

Two FTC complaints that over-retention of personal data violates Section 5

Coronavirus app: will Australians trust a government with a history of tech fails and data breaches?

Privacy in an open-data world: Why government agencies need to be proactive

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Data: A New Direction or Misdirection? ICO Responds to UK Government Consultation on Its Proposed New Data Protection Regime

Data privacy examples

Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements

More New York SHIELD Act guidance

GDPR compliance checklist

CHINA: Clarifications of data classification and grading requirements

Maybe This Time : Federal Government Proposes the American Data Privacy and Protection Act

European Commission Publishes Draft of New Standard Contractual Clauses

How to implement the General Data Protection Regulation (GDPR)

Data protection strategy: Key components and best practices

CJEU rules that Privacy Rights Outweigh AML Requirements

Privacy in a Parallel Digital Universe: The Metaverse

HONG KONG: Increased Enforcement Action?

FRANCE: The CNIL provides further insights following its formal notices against the use of Google Analytics

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Guest Post - Three Critical Steps for GDPR Compliance

European Commission Publishes Details of its Forthcoming Data Act

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

China’s Data Privacy Law Poses Challenge for International Companies

European Union Agrees to Access by U.S. Anti-Terrorism Authorities to Personal Data in Europe

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DCMS Consults on National Data Strategy

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Essential guidance for employers implementing COVID-19 measures at the workplace

The EU’s Highest Court Announces Significant Decision Regarding Cross-Border Data Flows: Invalidates EU-US Privacy Shield Program and Upholds Standard Contractual Clauses

StopCovid: the French contact-tracing app

China’s First Data Protection Measures Lifting Its Veils

The GDPR: Everything you need to know about data controllers and data processors

Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities

Examples of data processing activities that require a DPIA

Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon

The servant of two masters: ICO and OFCOM Joint Statement on Online Safety and Data Protection – coordination so service providers can comply with both

U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process

Dutch DPA Publishes Post-GDPR Complaints Report

Stay Connected