fbpx

Download free GDPR compliance checklist!

Tag Archives for " compliance "

EU regulator warns Europol could be breaking data rules

Law enforcement agency Europol is likely to have mishandled troves of personal data in breach of the agency’s own rules, according to the data protection agency in charge of policing EU institutions.

In a letter dated September 17 — of which a redacted version was made public, which POLITICO saw in full — the European Data Protection Supervisor (EDPS) said there was a “high likelihood that Europol continually processes personal data on individuals for whom it is not allowed to do so.”

Source: EU regulator warns Europol could be breaking data rules – POLITICO

IAB Europe warns of ‘chilling effect’ on open-source compliance solutions if GDPR breach interpretation upheld

Digital advertising association IAB Europe has hit out at a preliminary report by the Belgian Data Protection Authority finding that its ad tracking consent framework does not comply with GDPR.

The widely-adopted Transparency and Consent Framework (TCF) is designed to help publishers tell visitors where data is being collected and how they intend to use it.

Source: IAB Europe warns of ‘chilling effect’ on open-source compliance solutions if GDPR breach interpretation upheld

Irish data watchdog investigates Instagram’s use of children’s data

Irish Data Protection Commission (“DPC”) has opened an inquiry into processing of children’s data by Instagram. Instagram platform is owned by Facebook Ireland Limited.

First inquiry will assess Facebook’s reliance on certain legal bases for its processing of children’s personal data on the Instagram platform.

Second inquiry will focus on Instagram profile and account settings and the appropriateness of these settings for children. Amongst other matters, this Inquiry will explore Facebook’s adherence with the requirements in the GDPR in respect to Data Protection by Design and Default and specifically in relation to Facebook’s responsibility to protect the data protection rights of children as vulnerable persons.

Source: Data Protection Commission’s two statutory Inquiries into Facebook’s processing of children’s data on Instagram (opened in Sept 2020) | 19/10/2020 | Data Protection Commission

IAB Europe’s ad tracking consent framework found to fail GDPR standard

A flagship framework for gathering Internet users’ consent for targeting with behavioral ads — which is designed by ad industry body, the IAB Europe — fails to meet the required legal standards of data protection, according to findings by its EU data supervisor.

The Belgian DPA’s investigation follows complaints against the use of personal data in the real-time bidding (RTB) component of programmatic advertising which contend that a system of high velocity personal data trading is inherently incompatible with data security requirements baked into EU law.

Source: IAB Europe’s ad tracking consent framework found to fail GDPR standard | TechCrunch

Google Analytics Gets A Major Privacy And Machine Learning-Focused Overhaul

Google is revamping Google Analytics for a world in which privacy plays center stage and identifiers are exiting stage left.

The new version of Google Analytics, released on Wednesday, was in beta for more than a year, and will now be the default experience for all users.

The updated product includes privacy controls to help publishers manage their data use, a beefed up data deletion tool and a consent mode API that makes it easier for customers to pass along consent information collected from their users.

Source: Google Analytics Gets A Major Privacy And Machine Learning-Focused Overhaul | AdExchanger

‘Do Not Track’ Is Back, and This Time It Might Work

California’s privacy law says businesses must respect universal opt-outs. Now the technology finally exists to put that to the test.

When the attorney general issued California Consumer Privacy Act, the technology for a global opt-out didn’t exist. As of today, it does. The Electronic Frontier Foundation, and the search engine and browser DuckDuckGo, announced the beta launch of a new global privacy control. The idea is to create a technical specification that qualifies as a universal opt-out under the CCPA, so that exercising rights under the law would flip from being hopelessly complex to extremely easy.

Source: ‘Do Not Track’ Is Back, and This Time It Might Work | WIRED

Wyden and Warren Demand Investigation into IRS Warrantless Location Tracking

A unit of the IRS previously bought access to location data harvested from ordinary apps installed on peoples’ phones to try and identify individuals.

The news highlights the continued tread of law enforcement agencies obtaining location data that would ordinarily require a warrant to do, by simply purchasing the data from commercial providers instead. Ron Wyden and Elizabeth Warren want a formal investigation into the IRS’ use of smartphone location data to track Americans without a warrant.

Source: Wyden and Warren Demand Investigation into IRS Warrantless Location Tracking

Europe’s top court confirms no mass surveillance without limits

Europe’s top court has delivered another slap-down to indiscriminate government mass surveillance regimes.

In a ruling the CJEU has made it clear that national security concerns do not exclude EU Member States from the need to comply with general principles of EU law such as proportionality and respect for fundamental rights to privacy, data protection and freedom of expression.

However the court has also allowed for derogations, saying that a pressing national security threat can justify limited and temporary bulk data collection and retention — capped to ‘what is strictly necessary’.

Source: Europe’s top court confirms no mass surveillance without limits | TechCrunch

Companies face greater risk as GDPR class actions emerge

In the past month three of the world’s largest tech firms have been hit with legal actions that could lead to billion-dollar damages suits for alleged violations of the GDPR.

Unusual for Europe, the complaints are led by a consumer rights group and a U.K. citizen rather than regulators. If the complainants win their cases, the companies involved could face eye-watering damages awards

Moreover, on June 22, EU institutions agreed on a new directive that will grant consumers in the bloc the right to sue collectively in cases of mass harm, ranging from air and passenger rights and financial services to tourism, energy, and telecommunications.

Source: Companies face greater risk as GDPR class actions emerge | Article | Compliance Week

New mechanism for EU data transfers ‘may be ready by Christmas’

A revised mechanism for transferring EU data outside of the EU may be ready by Christmas, according to the EU’s digital chief.

The new plan comes after the Schrems II ruling by the Court of Justice of the European Union in July, which invalidated the EU-US Privacy Shield transfer mechanism and upheld Standard Contractual Clauses (SCCs).

Source: New mechanism for EU data transfers ‘may be ready by Christmas’

1 2 3 66
>