Hunton Privacy

SEPTEMBER 22, 2023

On September 15, 2023, the Irish Data Protection Commission (the “DPC”) announced a fine of 345 million Euros against TikTok Technology Limited (“TikTok”) for non-compliance with GDPR rules regarding the processing of personal data of child users.

GDPR 72

GDPR Privacy Personal data Compliance 72

Hunton Privacy

NOVEMBER 12, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”) along with its draft set of new standard contractual clauses (the “New SCCs”).

GDPR 119

GDPR Personal data IT 119

Hunton Privacy

MARCH 17, 2020

On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020. The draft recommendations were open to public consultation until February 25, 2020. Inspections will begin in the fall of 2020 and will continue in 2021.

Data collection 80

Data collection Data breaches GDPR Personal data 80

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 These inspections aimed to verify whether Carrefour France and Carrefour Banque were in compliance with all provisions of the GDPR and the French Data Protection Act. GDPR and Cookie Violations.

GDPR 91

GDPR Personal data Data collection Marketing 91

Security Affairs

JULY 5, 2023

The audits relate to a version of the Google tool from August 14, 2020. The authority determined that Google’s statistics tool was transferring personal data to the US. IMY states that the data transferred to the US is personal data because the data can be linked with other unique data that is transferred.

Analytics 78

Analytics Personal data GDPR Privacy 78

DLA Piper Privacy Matters

JULY 8, 2020

On the 6 th of July 2020, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , “Dutch DPA“) published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR). Digital) access to personal data should be provided free of charge and at reasonable intervals.

Access 98

Access GDPR Personal data IT 98

IT Governance

JULY 1, 2020

The first half of 2020 ended on a familiarly bad note, with 92 security incidents accounting for at least 7,021,195,399 breached records. Cyber attack on Mid-Michigan College endangers personal data of staff and students (16,000). Inventory Hive website vulnerability exposes users’ personal data (100,000+).

Data breaches 140

Data breaches Ransomware Retail Personal data 140

erwin

APRIL 18, 2019

California Consumer Privacy Act (CCPA) compliance shares many of the same requirements in the European Unions’ General Data Protection Regulation (GDPR). 1, 2020, to enact its mandates. Luckily, many organizations have already laid the regulatory groundwork for it because of their efforts to comply with GDPR.

GDPR 81

GDPR Compliance Privacy Personal data 81

Hunton Privacy

DECEMBER 15, 2020

Article 28 of the GDPR sets out specific provisions that must be executed between data controllers and processors when personal data is shared. Once finalized, the SCCs will remain optional but demonstrate the level of detail that the Commission expects to see in data processing agreements.

GDPR 80

GDPR Personal data IT 80

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR 75

GDPR Authentication Compliance Personal data 75

Hunton Privacy

FEBRUARY 23, 2023

On February 20, 2023, in the case of Experian Limited v The Information Commissioner , the First-Tier Tribunal in the UK (the “ Tribunal ”) ruled on the ICO’s action to require Experian to make changes to how it processes personal data for direct marketing purposes.

Marketing 64

Marketing Personal data GDPR Privacy 64

DLA Piper Privacy Matters

APRIL 25, 2023

12(5) and Art. 15(3) GDPR must be interpreted as requiring a data controller to provide the data subject with a copy of his or her personal data, even where the data subject requests the copy for purposes unrelated to data protection. 12(5) and Art. 12(5) and Art. 15(3) GDPR.

Access 52

Access GDPR Personal data IT 52

Hunton Privacy

NOVEMBER 16, 2020

On November 12, 2020, somewhat in the shadow of the new standard contractual clauses for data transfers to recipients outside the European Economic Area (“EEA”), the European Commission also adopted draft standard contractual clauses to be used between controllers and processors in the EEA (“EEA Controller-Processor SCCs”).

GDPR 88

GDPR Personal data Data breaches Information Security 88

DLA Piper Privacy Matters

APRIL 20, 2021

The CJEU’s long-awaited Schrems II decision of 16 July 2020, raised important questions on the validity of data processing activities involving the transfer of personal data outside the EEA. GDPR), the CJEU stated that due to their inherently contractual nature, they cannot bind the public authorities of third countries.

Personal data 105

Personal data GDPR Compliance Privacy 105

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data 100

Personal data GDPR Privacy Records Management 100

Hunton Privacy

JULY 15, 2020

The Dutch DPA found that BKR had infringed the GDPR on the following grounds: Free of charge access requests: The Dutch DPA found that BKR had infringed Article 12(5) of the GDPR by charging a fee to data subjects wishing to access personal data in a digital format.

Compliance 65

Compliance GDPR Personal data Paper 65

Data Protection Report

JANUARY 20, 2020

Following the implementation of the GDPR in May, 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws. In addition, 2019 saw regulators publishing findings in respect of some of the largest data incidents of 2018. million patients.

Personal data 128

Personal data Security Data Privacy GDPR 128

Hunton Privacy

NOVEMBER 13, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”), along with its draft set of new standard contractual clauses (the “SCCs”).

Personal data 105

Personal data GDPR Data collection Access 105

Data Protection Report

JUNE 9, 2022

On 12 May 2022 EDPB adopted Guidelines on the calculation of administrative fines (the Guidelines ). where a breach of more specific provision of GDPR breaches a wider provision as well). 1) Category of infringement under Article 83(4) – (6) GDPR. the place of the infringed provision in the GDPR framework).

GDPR 52

GDPR Compliance Personal data IT 52

Data Protection Report

NOVEMBER 13, 2020

On 12 November, the European Commission published revised Standard Contractual Clauses (SCCs) and a draft implementing decision. The new SCCs aim to modernise the clauses in line with the GDPR and to cover a multitude of different types of transfers to cater for “ the complexity of modern processing chains ”.

Personal data 98

Personal data GDPR Encryption Government 98

Data Matters

FEBRUARY 19, 2021

What transfers are restricted under the GDPR? The EU GDPR prohibits the transfer of personal data to a country outside the European Economic Area ( EEA ) (otherwise known as a third country ) that is not considered to provide an ‘adequate level’ of data protection by the EC unless ‘appropriate safeguards’ are implemented (e.g.,

GDPR 68

GDPR Personal data Privacy Access 68

Privacy and Cybersecurity Law

JULY 9, 2020

On June 12, 2020, the Québec government proposed a significant overhaul of its current privacy laws through the introduction of the highly anticipated Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (“Bill”).

GDPR 52

GDPR Privacy Personal data Government 52

DLA Piper Privacy Matters

JUNE 4, 2020

The Belgian Data Protection Authority (BDPA) used the GDPR second anniversary as a milestone to issue a news alert with statistics on the actions it has taken since May 2019 (figures from 25/05/2019 to 20/05/2020). Reported data breaches. By Frederik Ringoot. Some statistics: Topic. Statistics. Information requests.

Marketing 52

Marketing GDPR Data breaches Personal data 52

Hunton Privacy

JUNE 4, 2021

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”), as well as the final version of the new standard contractual clauses (the “SCCs”).

Personal data 105

Personal data GDPR Government Access 105

Hunton Privacy

FEBRUARY 27, 2020

Accordingly, the EU Council Presidency is proposing substantial revisions to these key provisions of the Draft ePrivacy Regulation, with the aim of further aligning the Draft ePrivacy Regulation with the EU General Data Protection Regulation (the “GDPR”).

Metadata 107

Metadata Personal data Communications GDPR 107

Data Protection Report

JUNE 7, 2021

On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Companies now have 18 months to update their supplier contracts and other data export arrangements. Module 1, clause 8.5(e)

Personal data 119

Personal data GDPR Data breaches Access 119

Thales Cloud Protection & Licensing

DECEMBER 2, 2020

A Solution to Schrems II and the Security of Transatlantic Data Flows. Thu, 12/03/2020 - 05:24. Known as the Schrems II decision , it created serious problems for organizations that transfer data from the European Union into the United States. Special emphasis is given to the way encryption keys are managed.

Encryption 113

Encryption Security Personal data Compliance 113

Hunton Privacy

OCTOBER 29, 2020

On October 27, 2020, the UK Information Commissioner’s Office (“ICO”) published its enforcement notice against credit reference agency Experian Limited (“Experian”) under Section 149 of the Data Protection Act 2018 (“DPA”) (the “notice”).

Personal data 81

Personal data Marketing GDPR Compliance 81

DLA Piper Privacy Matters

JUNE 23, 2020

On June 19, 2020 the Council of State confirmed the CNIL decision and dismissed Google LLC appeal. The CNIL assessment that Google did not collect a valid consent for ads personalization and does not comply with the transparency and information requirements set forth in Article 12 and 13 of the GDPR are not legally grounded (2).

GDPR 86

GDPR Personal data Access IT 86

Data Matters

JULY 24, 2020

Below is a summary of the key take-aways from the EDPB’s FAQs, which is intended to address a range of topics including the lack of a grace period following the decision and the conditions surrounding the use of certain data transfer mechanisms: 1. public authorities to access personal data transferred from the EU to the U.S.

Personal data 97

Personal data GDPR Privacy Access 97

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. Tue, 12/22/2020 - 10:08. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. The problem is not limited to the requirements of GDPR. In the Dec.

Data Privacy 118

Data Privacy Privacy Security Encryption 118

Data Matters

NOVEMBER 13, 2020

The European Commission (EC), on 12 November 2020, published a draft adequacy decision implementing revised Standard Contractual Clauses (draft SCCs) – (the EC’s Draft). In relation to special categories of personal data (e.g., In relation to special categories of personal data (e.g.,

Personal data 68

Personal data GDPR Privacy Compliance 68

IT Governance

DECEMBER 21, 2023

Note that this data set only accounts for personal data breaches reported to the ICO, so it only reflects breaches affecting UK residents that were not just discovered, but also reported. According to the ICO’s data from 2020–2022, the answer is 34% – or 33.6%, to be more exact. Failure to redact.

Data breaches 52

Data breaches Personal data Government GDPR 52

Hunton Privacy

JULY 10, 2020

On June 16, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a fine on a company (the “defendant”) for unlawful and incorrect processing of personal data and non-compliance with the EU General Data Protection Regulation’s (the “GDPR”) data subject rights provisions.

Compliance 49

Compliance GDPR Marketing Personal data 49

HL Chronicle of Data Protection

MARCH 5, 2020

On January 17, The Belgian Data Protection Authority (DPA) published Recommendation no 01/2020 providing Guidance on direct marketing. The Recommendation provides a methodology on how to comply with the General Data Protection Regulation (GDPR) when conducting direct marketing. Necessity for Data Minimisation.

Marketing 59

Marketing GDPR Personal data Healthcare 59

Data Protection Report

OCTOBER 7, 2020

On 1 October 2020, the UK Information Commissioner’s Office (ICO) published draft statutory guidance , providing clarity about how it will regulate and enforce data protection legislation in the UK. The considerations applied here are well known and replicate those of Article 83(2) of the GDPR. The Guidance.

GDPR 102

GDPR Personal data IT 102

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. 1, 2020, unless changed in the interim. Right to Know.

GDPR 79

GDPR Privacy Sales Data breaches 79