Marketing and Personal data - Information Management Today

DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors

Hunton Privacy

MARCH 6, 2024

On February 28, 2024, President Biden released an Executive Order (“EO”) “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”

Personal data

Personal data Risk Government Access

New guidance on direct marketing

Data Protection Report

JANUARY 10, 2023

On 5 December 2022, the Information Commissioner’s office ( ICO ) published its new guidance on direct marketing (the Direct Marketing Guidance ). Back in 2020 the ICO published a Direct Marketing Code of Practice (the Code ) which is required under s. 122 of the Data Protection Act 2018. Classification of obligations.

Marketing

Marketing B2B Personal data Retail

Irish Data Protection Commission Publishes Annual Report for 2022

Hunton Privacy

MARCH 7, 2023

The Report contains details on several areas of the DPC’s work, including complaints from data subjects received by the DPC, personal data breach notifications received by the DPC and statutory inquiries conducted by the DPC. The Report also includes a high-level breakdown of the categories of personal data breaches notified.

Personal data

Personal data GDPR Data breaches Compliance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. The disputed facts. Code § 1881(b)(4), which subjects the company to the surveillance of U.S.

Personal data

Personal data Analytics GDPR Privacy

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

DLA Piper Privacy Matters

MARCH 24, 2021

Issues to be addressed include: Data privacy: compliant privacy notices/consents must be given to/obtained from customers using or buying via e-commerce or livestreaming platforms, sites, apps and services on or before collection or use of personal data, including appropriate direct marketing opt-ins and unsubscribe functions.

Personal data

Personal data Data Privacy Marketing Compliance

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Hunton Privacy

APRIL 25, 2022

On April 12, 2022, Colorado Attorney General Phil Weiser made remarks at the International Association of Privacy Professionals Global Privacy Summit in Washington, D.C., where he invited stakeholders to provide informal public comments on the Colorado Privacy Act (“CPA”) rulemaking.

Privacy

Privacy Personal data Sales Compliance

What Is Data Minimisation? Definition & Examples

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation?

GDPR

GDPR Personal data Data breaches Marketing

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. A data subject is the human being who owns the data.

GDPR

GDPR Compliance Personal data Privacy

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

DLA Piper Privacy Matters

JANUARY 26, 2022

Data is at the heart of the EU’s digital and green transformation, which are the two priorities of the European Commission. With the General Data Protection Regulation (GDPR), adopted in 2016, the EU has created a solid framework for the protection of personal data in line with the EU Charter of Fundamental Rights.

Personal data

Personal data GDPR Computer and Electronics Artificial Intelligence

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Introduction to Data Protection Laws. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure.

Personal data

Personal data GDPR Compliance Risk

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Approximately at the same time as the Executive Order that we described in Part 1 was issued, the Attorney General (AG) unofficially released 90 pages of Advanced Notice of Proposed Rulemaking (ANPRM), which will become official once published in the Federal Register. What is included in the special category of “government related data”?

Access

Access Military Compliance Personal data

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Data Protection Report

MAY 16, 2019

The ICO recommends undertaking market research or compiling other evidence relating to user behaviour to ascertain (and help demonstrate) this. In keeping with the ICO’s earlier guidance on processing personal data of children, the primary factor for consideration here is whether the proposed activity is in the “best interests” of the child.

Personal data

Personal data Privacy GDPR Access

Funding for Cybersecurity Startups Plunges – But Some Still Get Deals

eSecurity Planet

JULY 27, 2023

” See the Top Cybersecurity Startups What It Takes To Win in the Current VC Market Venture investors like to say they focus on the long-term, but they tend to turn cautious when markets fall. Here are some of the factors that venture investors are looking for in the current market. This time is no different.

Cybersecurity

Cybersecurity Marketing Cloud Artificial Intelligence

Argentina DPA Issues Guidelines on Binding Corporate Rules

Hunton Privacy

DECEMBER 13, 2018

data protection training to personnel in charge of data processing activities. data protection training to personnel in charge of data processing activities.

Personal data

Personal data Marketing Access Security

EU Regulatory Data Protection: Online advertising – A regulatory patchwork under construction

DLA Piper Privacy Matters

FEBRUARY 27, 2023

In addition, the content of online advertising is also subject to a range of general and sector-specific self-regulatory and legislative requirements that apply, in principle, indiscriminately to all types of advertising.

Communications

Communications Marketing Personal data Privacy

Show-me: Spanish Data Protection laws shaken by the Supreme Court

DLA Piper Privacy Matters

SEPTEMBER 15, 2021

Nevertheless, it decided to go a bit farther and to analyze whether the GDPR, the Spanish law developing it and data protection rights in general could be affected. This implies an earthquake in the Spanish privacy market. Diversity programs (and discrimination practices) based on special category data could be more relaxed.

GDPR

GDPR Privacy Government Personal data

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation? Public-sector data sharing .

Government

Government Personal data Marketing Artificial Intelligence

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

DLA Piper Privacy Matters

NOVEMBER 16, 2021

Notably it includes a host of new, onerous regulatory approval and governance requirements for personal data controllers, organisations processing “important data” and operators of online platforms/e-commerce sites, including in the context of corporate transactions.

Compliance

Compliance Personal data Security Risk

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

An exemption to the requirement to provide further fair processing information where personal data was collected directly from data subjects initially and is repurposed for research purposes later has also been identified, where to do so would involve disproportionate effort. The standard of anonymization will be clarified.

GDPR

GDPR Government Personal data Risk

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) What does Article 30 require?

GDPR

GDPR Personal data Risk Cloud

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR. Personal Data Protection Policy (Article 24).

GDPR

GDPR Data breaches Personal data Compliance

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. In what situations would the DGR apply to data sharing arrangements? Requirement to notify.

Government

Government Personal data GDPR Access

EDPB Opinion on UK Adequacy: Strong Alignment but Challenges Remain

DLA Piper Privacy Matters

APRIL 19, 2021

During its 48th plenary session, the European Data Protection Board ( EDPB ) has adopted two opinions on the European Commission’s draft U.K. The GDPR imposes restrictions on the transfer of personal data to a ‘third country’ unless that country benefits from (i) an adequacy decision; (ii) appropriate safeguards (e.g.

Personal data

Personal data GDPR Access Marketing

ICO Warns of Increased Focus on Adtech

Hunton Privacy

JULY 1, 2019

The report focuses on whether and how organizations in the adtech sector can comply with the EU General Data Protection Regulation (“GDPR”) and the UK’s implementation of the e-Privacy Directive, known as the Privacy and Electronic Communications Regulations (“PECR”).

GDPR

GDPR Personal data Privacy Communications

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

NOVEMBER 8, 2018

The EU’s GDPR (General Data Protection Regulation) gives data subjects the right to access their personal data from data controllers that are processing it and “to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing”.

GDPR

GDPR Access Personal data Compliance

UK: ICO issues new guidance on special category data

DLA Piper Privacy Matters

DECEMBER 9, 2019

On 14 th November, the Information Commissioner’s Office (“ ICO ”) published an update to its guidance on the processing of special category data (“ Guidance ”). data concerning a person’s sexual orientation. data concerning a person’s sexual orientation. Genetic and biometric data. Background.

Personal data

Personal data GDPR Compliance IT

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. What does the PDPL cover and who does it apply to? Definitions. Territoriality. Exceptions.

Personal data

Personal data Data breaches GDPR Compliance

European Commission Publishes Draft Data Governance Act

Hunton Privacy

DECEMBER 2, 2020

“Data” under the Data Governance Act means any digital representation of acts, facts or information and any compilation of the same, including in the form of sound, visual or audiovisual recording. Public sector bodies may set conditions around the re-use of data that must be non-discriminatory, proportionate and objectively-justified.

Government

Government Personal data Compliance GDPR

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

Hunton Privacy

MARCH 4, 2020

The Contribution summarizes the responses of the DPAs within the EDPB to the Commission’s questions and conveys general policy messages from the EDPB on the application of the GDPR. Data Breach Notifications. 160,040 personal data breaches were notified to 29 EU/EEA DPAs. Cooperation Mechanism.

GDPR

GDPR Personal data Data breaches Communications

German M&A Deals: Share Deals Remain the Only Secure Way to Transfer All Customer Data

Data Protection Report

JULY 8, 2019

In most cases, a bulk transfer of all customer data is not permitted. Further, the guidance makes no mention of, or allowance for, the transfer of marketing permissions which – as these are generally on an opt-in consent basis in Germany – means a buyer cannot rely on the seller’s marketing consents in an asset sale.

Personal data

Personal data Sales Security Marketing

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Entities must annually buy sell, or share personal information of 100,000 consumers, not 50,000 as under the CCPA, to qualify as a business under the second prong of the test. New Rights for Sensitive Personal Information.

Privacy

Privacy B2B Sales Data breaches

ICO’s McDougall Warns Adtech Sector that Change Is Needed

Hunton Privacy

JULY 11, 2019

Although McDougall pointed to various areas of the industry that are causing the regulator concern, he stated that the ICO’s focus in the short-term is primarily on the use of special category (also known as sensitive) data processed as part of real-time bidding, such as race, religion and mental health. This is simple stuff.”.

GDPR

GDPR Marketing Personal data Compliance

The dark web index 2021, report

Security Affairs

JUNE 4, 2021

The most expensive product in this category is a stolen eBay account with a good reputation (that means positive feedback from more than a thousand users) at 1000 USD. The illegal market in the Dark Web has grown significantly from last year. The Cloned Credit Card and Cardholder Data Market. But so have the prices.

Marketing

Marketing Passwords Personal data Encryption

GDPR: lawful bases for processing, with examples

IT Governance

MARCH 13, 2020

Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Do you always need individuals’ consent to process their data? This is particularly important because data subjects have the right to withdraw their consent at any time.

GDPR

GDPR Personal data Compliance Marketing

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission).

Privacy

Privacy GDPR Data breaches Risk

EU: Binding Corporate Rules are Generating Greater Interest

DLA Piper Privacy Matters

OCTOBER 16, 2019

Multinationals increasingly turning to BCRs as providing more legal certainty for personal data transfers from the EU. The EU General Data Protection Regulation (“GDPR”) brought about stricter data protection rules, and increased penalties for breaching these rules. Following market leaders.

GDPR

GDPR Personal data Marketing Healthcare

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

DLA Piper Privacy Matters

OCTOBER 10, 2022

For example, the ML system could be used to determine likely trends of categories of persons to default on loan agreements through the processing of financial default information. During the development and training of their algorithms, ML systems begin to adapt and recognise patterns within its data.

Personal data

Personal data GDPR Privacy Marketing

Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

Hunton Privacy

MAY 22, 2018

The Bill implements Ireland’s national legislation in areas where the EU General Data Protection Regulation (“GDPR”) provides a margin of maneuver to Member States, and specifies the investigative and enforcement powers of the Irish Data Protection Commission.

GDPR

GDPR Personal data Marketing Insurance

Examples of data processing activities that require a DPIA

IT Governance

JUNE 19, 2019

The GDPR (General Data Protection Regulation) requires organisations to conduct a DPIA (data protection impact assessment) whenever processing is ‘likely to result in a high risk’ to the rights and freedoms of individuals. Systematic processing includes activities that are used to observe, monitor or control data subjects.

GDPR

GDPR Personal data Risk Data breaches

ICO’s update report into adtech and real time bidding – a sobering read for participants in the adtech industry

Data Protection Report

JUNE 25, 2019

On 20 June, the UK’s Information Commissioner (the ICO ) published a report setting out its views on adtech, specifically the use of personal data in “real time bidding”, and the key privacy compliance challenges arising from it. RTB is an important example of adtech, which enables the buying and selling of advertising inventory (e.g.

Personal data

Personal data GDPR Compliance Privacy

European Commission Releases First Report on Evaluation of GDPR

Hunton Privacy

JUNE 24, 2020

On June 24, 2020, the European Commission (“the Commission”) submitted its first report on the evaluation and review of the EU General Data Protection Regulation (“GDPR”) to the European Parliament and Council. The report is required under Article 97 of the GDPR and will be produced at four year intervals going forward.

GDPR

GDPR Artificial Intelligence Blockchain Personal data

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

In addition to data subjects’ rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object, the EU’s GDPR (General Data Protection Regulation) sets out requirements relating to automated individual decision-making, including profiling.

GDPR

GDPR Personal data Financial Services Compliance

DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors

New guidance on direct marketing

Webinars

Trending Sources

Irish Data Protection Commission Publishes Annual Report for 2022

Webinars

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

What Is Data Minimisation? Definition & Examples

GDPR compliance checklist

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

How to implement the General Data Protection Regulation (GDPR)

The Impact of Data Protection Laws on Your Records Retention Schedule

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Funding for Cybersecurity Startups Plunges – But Some Still Get Deals

Argentina DPA Issues Guidelines on Binding Corporate Rules

EU Regulatory Data Protection: Online advertising – A regulatory patchwork under construction

Show-me: Spanish Data Protection laws shaken by the Supreme Court

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

How to comply with Article 30 of the GDPR

List of mandatory documents required by the GDPR

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

EDPB Opinion on UK Adequacy: Strong Alignment but Challenges Remain

ICO Warns of Increased Focus on Adtech

How to write a GDPR-compliant data subject access request procedure – with template

UK: ICO issues new guidance on special category data

UAE: Federal level data protection law enacted

European Commission Publishes Draft Data Governance Act

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

German M&A Deals: Share Deals Remain the Only Secure Way to Transfer All Customer Data

California Privacy Law Overhaul – Proposition 24 Passes

ICO’s McDougall Warns Adtech Sector that Change Is Needed

The dark web index 2021, report

GDPR: lawful bases for processing, with examples

The Privacy Officers’ New Year’s Resolutions

EU: Binding Corporate Rules are Generating Greater Interest

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

Examples of data processing activities that require a DPIA

ICO’s update report into adtech and real time bidding – a sobering read for participants in the adtech industry

European Commission Releases First Report on Evaluation of GDPR

GDPR automated decision-making and profiling: what are the requirements?

Stay Connected