Exercises and Personal data - Information Management Today

Europe: CJEU decision – Right of access to individual recipients of personal data

DLA Piper Privacy Matters

JANUARY 19, 2023

On 12 January 2023, the European Court of Justice (“ CJEU ”) delivered its judgment regarding the right of access to personal data under Article 15 GDPR. The CJEU held that when exercising their right of access under the GDPR, data subjects must be provided with the individual data recipients of their personal data.

Personal data

Personal data Access GDPR Privacy

Selling and utilising personal data in an insolvency situation

Data Protection Report

JUNE 1, 2020

For example, in February of this year, the FCA and ICO issued a joint statement warning regulated firms and insolvency practitioners of their responsibilities when dealing with personal data. What are the legal mechanisms to sell or utilise personal data in an insolvency situation? Asset sales.

Personal data

Personal data Sales Marketing GDPR

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

MARCH 13, 2024

The thresholds are closer to those of, e.g. , Delaware’s Personal Data Privacy Act (H.B. Controller Obligations Similar to most of the comprehensive state privacy laws, SB 255 contains fundamental data minimization, purpose limitation and data protection requirements.

Privacy

Privacy Personal data Sales Risk

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

DLA Piper Privacy Matters

APRIL 27, 2023

In the course of this cyber-attack, personal data – mainly tax and social security information – of approximately 4 million Bulgarian citizens (or approximately 6 million citizens in total, including foreign citizens) had been accessed and published on the Internet.

Personal data

Personal data GDPR Access Data breaches

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

APRIL 18, 2023

SB 5’s protections would apply to residents of Indiana who act for a personal, family or household purpose, with express exemption for individuals acting in a commercial or employment context.

Privacy

Privacy Personal data Sales Insurance

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. It enshrines “the right to erasure” (sometimes referred to as “the right to be forgotten”), which allows people to request that an organisation deletes any personal data related to them.

GDPR

GDPR Personal data Compliance Government

Protecting or Posturing: What's Acceptable in New Data Privacy Practices

AIIM

APRIL 13, 2021

Technology and apps that are helping to prevent illness, accidents, and crime also happen to collect a vast amount of personal data. Prompted by new concerns about digital privacy and ethics, The State of Virginia recently became the second state, behind California, to adopt a comprehensive consumer data privacy law.

Data Privacy

Data Privacy Privacy Artificial Intelligence Personal data

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure. REGULATION.

Personal data

Personal data GDPR Compliance Risk

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. The requirement to detail “recipient or categories of recipients of the personal data” (Art 13(1)(e)): Vague, broad lists of categories of recipients are not sufficient.

Privacy

Privacy GDPR Personal data Compliance

Facebook's Download-Your-Data Tool Is Incomplete

Schneier on Security

MARCH 2, 2020

Privacy International has the details : Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook.

Personal data

Personal data GDPR Data collection Privacy

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills

Hunton Privacy

APRIL 28, 2023

Beginning January 1, 2025, controllers must allow a consumer to opt out of targeted advertising and the sale of their personal data through an opt-out preference signal. Consumer” means an individual who is a Montana resident and does not include an individual acting in a commercial or employment context.

Privacy

Privacy Personal data Sales Data Privacy

Subject Access Requests in Scotland: Do you know what data is held about you?

IT Governance

NOVEMBER 12, 2018

Not only does it affect the way organisations process personal data, but also extends data subjects rights in terms of how their data is processed. What is a data subject access request (DSAR)? Speak to an expert >> The post Subject Access Requests in Scotland: Do you know what data is held about you?

Access

Access GDPR Personal data Retail

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

The CPA Rules, which are currently about 38 pages, address many recent issues in state data privacy regulation, including data profiling, data protection, automated data processing, biometric data, universal opt-out mechanisms and individual data rights.

Privacy

Privacy Personal data Data collection Compliance

Think differently about data privacy to deliver digital transformation

Collibra

JANUARY 14, 2020

Data privacy isn’t about compliance — it’s about customers. Although much of the ink spilled around data privacy focuses on obeying regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), it’s a mistake to think about data privacy as a compliance exercise.

Digital transformation

Digital transformation Data Privacy Privacy IoT

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

AUGUST 17, 2020

Some UK organisations will inevitably have to follow all the EU’s data protection rules because they will continue to process the personal data of individuals in the EU. Organisations have also spent many hours working out what legal basis each business process should rely on when personal data is processed.

Privacy

Privacy GDPR Personal data Computer and Electronics

5 things HR departments need to know about data protection

IT Governance

OCTOBER 7, 2019

HR plays a crucial role in an organisation’s GDPR (General Data Protection Regulation) compliance. The department is full of personal data, whether it’s of employees, their next of kin or candidates responding to job adverts. Let’s take a look at five issues that HR must address when handling personal data.

GDPR

GDPR Personal data Compliance Communications

California Legislature Passes Bill Regulating Data Brokers

Hunton Privacy

SEPTEMBER 21, 2023

362 (“Act”), a bill that would impose new requirements on data brokers and grant residents new rights designed to facilitate control over their personal data. The Act would grant California consumers the right to request that data brokers (1) delete and (2) limit the further sale and sharing of consumers’ personal data.

Insurance

Insurance Personal data Sales Compliance

Schrems II judgement due in July – what this might mean for your outsourcing deal

Data Protection Report

JUNE 17, 2020

This judgement concerns the legality of the European Commission approved Standard Contractual Clauses ( SCCs ) which many organisations rely on to transfer personal data outside of the UK and the European Economic Area ( EEA ), particularly in relation to outsourcing services.

Personal data

Personal data Communications Access GDPR

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Hunton Privacy

MAY 17, 2023

Unlike the other comprehensive state privacy laws that have been enacted, the FDBR applies to a much narrower subset of entities.

Privacy

Privacy Personal data Sales Government

Oregon Consumer Privacy Act

Hunton Privacy

JULY 12, 2023

Consumer” means a natural person who resides in Oregon and acts in any capacity other than in a commercial or employment context. Thus, like most other comprehensive state privacy laws, employee data and business-to-business data are excluded from the scope of the OCPA.

Privacy

Privacy Personal data Insurance Sales

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

Security Affairs

APRIL 28, 2023

In early April, the Italian Data Protection Authority, c, temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors. The Authority pointed out that OpenAI does not alert users that it is collecting their data.

Personal data

Personal data Privacy Access Education

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

DLA Piper Privacy Matters

AUGUST 3, 2020

The amended APPI could have a significant impact on companies that handle personal information. Below are some key points to know about the amendment. Strengthening the Rights of Data Subjects. The amended APPI removes the 6 months threshold, and all personal data is nowsubject to the Rights of Data Subjects.

Personal data

Personal data Data breaches Compliance Analytics

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

JULY 20, 2023

On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act ( H.B. The DPDPA’s protections would apply to Delaware residents who act for a personal or household purpose, with express exemption for individuals acting in a commercial or employment context.

Privacy

Privacy Personal data Sales Risk

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. Loyalty program members’ data had been retained for a period of four years from their last activity.

GDPR

GDPR Personal data Data collection Marketing

Privacy Shield shafted – but do SCCs really deliver better privacy protections?

Data Protector

AUGUST 17, 2020

Then, they can wait nervously for the European Commission to tweak the texts of the SCCs, and embark on another repapering exercise. It can be challenging to reach agreement with the other party on the role they play when they use “my organisation’s” personal data. one that would require SCCs). one that would require SCCs).

Privacy

Privacy Personal data Risk Compliance

CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology

Hunton Privacy

OCTOBER 24, 2022

In order to allow the search of a specific person, Clearview AI creates a biometric template which consists of a digital representation of a person’s physical characteristics. Under the EU General Data Protection (the “GDPR”), biometric data qualifies as sensitive personal data and the processing thereof requires additional protection.

Data collection

Data collection Personal data GDPR Marketing

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data

Personal data GDPR Access Marketing

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. Everything from email addresses to political opinions counts as personal data.

GDPR

GDPR Compliance Personal data Privacy

UK: ICO ISSUES NEW GUIDANCE ON COVID-19 TESTING AND MONITORING IN THE WORKPLACE

DLA Piper Privacy Matters

MAY 13, 2020

The Information Commissioner’s Office (“ ICO ”) has published guidance for employers on complying with data protection law when taking steps to manage Covid-19 health and safety risk in the workplace (“ Guidance ”). This means that the usual data protection principles apply. Retaining and using information about infected employees.

GDPR

GDPR Personal data Risk Privacy

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Hunton Privacy

FEBRUARY 25, 2020

On February 10, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) published its Recommendation 1/2020 on data processing activities for direct marketing purposes (the “Recommendation”). Purchase , Rental and Enrichment of Personal Data. Data Minimization and Storage Limitation. Processing Purposes.

Marketing

Marketing Personal data GDPR Communications

UK Tribunal Rules on Direct Marketing ICO Case Against Experian

Hunton Privacy

FEBRUARY 23, 2023

On February 20, 2023, in the case of Experian Limited v The Information Commissioner , the First-Tier Tribunal in the UK (the “ Tribunal ”) ruled on the ICO’s action to require Experian to make changes to how it processes personal data for direct marketing purposes.

Marketing

Marketing Personal data GDPR Privacy

EU hits Meta with $1.3 billion fine for transferring European user data to the US

Security Affairs

MAY 22, 2023

“This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and U.S.,”. Clearly, in order to stop shipping user data to the US, Meta might have to make huge investments such as re-distribute its data to European plants. .

GDPR

GDPR Personal data Privacy Data Privacy

What are the Data Subject Rights under the GDPR?

IT Governance

NOVEMBER 15, 2018

The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights, and meet requests promptly. But first, what is a data subject? What is a data subject? The right to data portability.

GDPR

GDPR Personal data Access Communications

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

DLA Piper Privacy Matters

SEPTEMBER 6, 2021

While obligations to “users” (those with WhatsApp accounts) are contained in Article 13, there are also obligations to “non-users” under Article 14 due to how WhatsApp processes personal data such as contact details of individuals who do not have accounts. Non-User Data.

GDPR

GDPR Personal data e-Delivery Communications

Should I Be Worried About the GDPR? – EDPB’S Guidelines on the GDPR’S Territorial Scope

HL Chronicle of Data Protection

DECEMBER 30, 2019

That is, certain processing of personal data by a controller might fall within the scope of the GDPR, while others might not. This is a very broad concept as it just implies “ the effective and real exercise of activity through stable arrangements ”. A) The Establishment Criterion (Art. The meaning of “ establishment ”.

GDPR

GDPR Personal data Analytics IT

What are the Data Subject Rights under the GDPR?

IT Governance

JUNE 15, 2018

That’s certainly not the end of the world , but organisations will run into serious problems if they aren’t equipped to deal with data subject rights. The GDPR gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights, and meet requests promptly.

GDPR

GDPR Personal data Compliance Access

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. The CNIL concludes that consent can be used as a legal basis for processing employee/applicant personal data only in cases where there are no consequences for them. Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Hunton Privacy

NOVEMBER 5, 2020

During the investigation, the ICO conducted audits of the direct marketing data broking businesses of the UK’s three largest credit reference agencies (“CRAs”) – Experian, Equifax and TransUnion – and found “significant data protection failures at each” that were “deeply embedded” within the businesses.

Marketing

Marketing Compliance Personal data GDPR

Important Changes to the Singapore Data Privacy Regime

Data Matters

NOVEMBER 16, 2020

On November 2, 2020, Singapore’s legislature finally approved amendments to the Personal Data Protection Act (PDPA). NEW mandatory data breach notification requirement. Consent to the processing of personal data will now be deemed to have been obtained based on. Expanded scope of “deemed consent”.

Data Privacy

Data Privacy Privacy Data breaches Personal data

The risk of pasting confidential company data into ChatGPT

Security Affairs

MARCH 12, 2023

The use of ChatGPT is becoming a serious problem in the workspace, it can potentially cause the leak of sensitive and confidential data. For this reason, companies like JP Morgan and Verizon are blocking access to the chatbot over concerns about confidential data.

Risk

Risk Artificial Intelligence Privacy Personal data

Should I Be Worried About the GDPR? – EDPB’S Guidelines on the GDPR’S Territorial Scope

HL Chronicle of Data Protection

DECEMBER 30, 2019

That is, certain processing of personal data by a controller might fall within the scope of the GDPR, while others might not. This is a very broad concept as it just implies “ the effective and real exercise of activity through stable arrangements ”. A) The Establishment Criterion (Art. The meaning of “ establishment ”.

GDPR

GDPR Personal data Analytics IT

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

during a calendar year, control or process personal data of at least 100,000 consumers, or. control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data. Key provisions. business-to-business) or employment context.

Personal data

Personal data Sales GDPR Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR

GDPR Compliance Personal data Privacy

Europe: CJEU decision – Right of access to individual recipients of personal data

Selling and utilising personal data in an insolvency situation

Trending Sources

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

GDPR Article 17: What Is the Right to Erasure?

Protecting or Posturing: What's Acceptable in New Data Privacy Practices

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Facebook's Download-Your-Data Tool Is Incomplete

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills

Subject Access Requests in Scotland: Do you know what data is held about you?

Colorado AG Publishes Draft Colorado Privacy Act Rules

Think differently about data privacy to deliver digital transformation

Data Protection: Where’s the Brexit Privacy Dividend?

5 things HR departments need to know about data protection

California Legislature Passes Bill Regulating Data Brokers

Schrems II judgement due in July – what this might mean for your outsourcing deal

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Oregon Consumer Privacy Act

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Privacy Shield shafted – but do SCCs really deliver better privacy protections?

CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

GDPR compliance checklist

UK: ICO ISSUES NEW GUIDANCE ON COVID-19 TESTING AND MONITORING IN THE WORKPLACE

Belgian Data Protection Authority Releases Direct Marketing Recommendation

UK Tribunal Rules on Direct Marketing ICO Case Against Experian

EU hits Meta with $1.3 billion fine for transferring European user data to the US

What are the Data Subject Rights under the GDPR?

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

Should I Be Worried About the GDPR? – EDPB’S Guidelines on the GDPR’S Territorial Scope

What are the Data Subject Rights under the GDPR?

CNIL’s New Guidelines on HR Processing

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Important Changes to the Singapore Data Privacy Regime

The risk of pasting confidential company data into ChatGPT

Should I Be Worried About the GDPR? – EDPB’S Guidelines on the GDPR’S Territorial Scope

US: Virginia passes comprehensive consumer data protection law

How to implement the General Data Protection Regulation (GDPR)

Stay Connected