On September 20, 2017, the French Data Protection Authority (CNIL) announced that it has updated two standards on privacy seals in order to take into account the requirements of the EU General Data Protection Regulation (“GDPR”).
On September 25, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP issued a discussion paper on Regulating for Results: Strategies and Priorities for Leadership and Engagement.
On September 19, 2017, the French Data Protection Authority (“CNIL”) launched an online public consultation on two topics identified by the Article 29 Working Party in its 2017 action plan for the implementation of the EU General Data Protection Regulation (“GDPR”).
Google is pleased to announce that the Spanish Data Protection Agency (“Agencia Española de Protección de Datos” or “AEPD”) has issued a decision confirming that the guarantees established by the contractual commitments provided by Google for the international transfers of data to U.S. connected to its G Suite and Google Cloud Platform (GCP) services are adequate. Therefore, the international transfers to U.S. under such contractual commitments are deemed authorized by the AEPD provided the conditions established by the AEPD’s decision are met.
Misleading press stories have claimed that all breaches will need to be reported to the Information Commissioner’s Office and customers alike; others say all details of the breach need to be known straight away and some say there’ll be huge fines for failing to report.
Businesses have been advised to review their existing data processing contracts to ensure that they comply with new EU data protection laws.
14 September 2017 The Spanish data protection authority (‘AEPD’) announced, on 11 September 2017, that it had issued a decision in which it fined Facebook, Inc. €1.2 million for serious violations of the Organic Law 15/1999 of 13 December on the Protection of Personal Data (‘the Law’) (‘the Decision’).
Access by employees to customers’ data has to be subject to stringent privacy restrictions and limitations according to a decision of the Italian data protection authority. The decision of the Italian data protection authority An individual had complained to the Italian privacy authority about the breach of his privacy rights due to the illegal access to his bank account transactions.
Facebook made three serious or very serious privacy violations under Spanish law, the country’s regulator said as it fined the firm $1.44m.