fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " EU "

Mind the overlap between GDPR and ePrivacy

Organisations need to be aware of the overlaps between European data protection and privacy rules, and which takes precedence, a privacy lawyer warns.

Understanding the interplay between the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) is more difficult than most organisations realise, according to Eduardo Ustaran, partner and global co-head of the privacy and cyber security practice at law firm Hogan Lovells.

Full article: Mind the overlap between GDPR and ePD, warns privacy lawyer

New rules bring protections to personal data in EU political campaigns

On March 19, the European Union adopted new rules to “prevent misuse of personal data by European political parties.” The move comes ahead of the European Parliament elections, which will take place across the continent in May 2019.

New rules mean European political parties and foundations can be penalized up to 5 percent of their annual budget for “deliberately influencing, or attempting to influence, the outcome of elections by taking advantage of breaches of data protection rules.”

Source: New rules bring protections to personal data in EU political campaigns

Denmark Recommends First Fine Under New EU Privacy Law

Denmark’s Data Protection Authority (DPA) has recommended fining a taxi company 1.2 million kroner ($180,000) for not deleting customers’ telephone numbers, the first Danish penalty imposed under Europe’s strict 2018 privacy rules.

The fine demonstrates that it’s not enough for companies doing business in Denmark to delete people’s names and addresses to satisfy the requirements of the European Union’s General Data Protection Regulation. They must delete all information, including telephone numbers, to avoid potentially high fines.

Source: Denmark Recommends First Fine Under New EU Privacy Law

After Brexit, the EU must decide if UK data protection is adequate

After Brexit the European Commission will decide whether the UK provides equivalent data protection standards to GDPR and other EU legislation.

The adequacy assessment is going to be a key test of the UK’s data privacy standards and achieving adequacy will be far from straightforward. The UK has committed to maintaining GDPR standards post-Brexit but this is not the whole picture for data protection compliance, and when it comes to the protection of fundamental rights there are difficult questions to be addressed.

Full article: After Brexit, the EU must decide if UK data protection is adequate

UK Issues Regulations on Post-Brexit Data Protection Law

Two sets of regulations aimed at readying UK data protection law for a post-Brexit world have been promulgated in recent weeks. These regulations, which were made pursuant to the EU (Withdrawal) Act 2018 (EUWA), will only come into force in most respects upon the UK’s withdrawal from the EU.

These regulations are intended to preserve the status quo post-Brexit by (1) amending certain provisions of the GDPR to allow it to be retained as UK domestic law and (2) transitionally adopting certain key decisions of the EU institutions that, collectively, would allow for the continued lawfulness of personal data flows out of the United Kingdom where currently permitted under EU law.

Source: UK Issues Regulations on Post-Brexit Data Protection Law

Jourová on first lessons 10 months after the application of the GDPR

European Commission Věra Jourová at the 9th Annual European Data Protection and Privacy Conference delivered a speech “What next for European and global data privacy?”

It her speech First Jourová discusses lessons 10 months after the application of the GDPR, Facebook / Cambridge Analytica scandal and globalised discussion about challenges to privacy.

Read full speech: Speech by European Commission Věra Jourová at the 9th Annual European Data Protection and Privacy Conference: What next for European and global data privacy?

EU citizens being tracked on sensitive government sites

EU governments are allowing more than 100 advertising companies, including Google and Facebook, to surreptitiously track citizens across sensitive public sector websites, in apparent violation of their own EU data protection rules, a study has found.

Danish browser-analysis company Cookiebot found ad trackers — which log users’ locations, devices and browsing behaviours for advertisers — on the official government websites of 25 EU member states. The French government had the highest number of ad trackers on its site, with 52 different companies tracking users’ behaviour.

Source: EU citizens being tracked on sensitive government sites | Financial Times

e-Privacy breaches can rise GDPR fines

Businesses face higher fines if their processing of personal data is found to breach both the General Data Protection Regulation (GDPR) and EU ‘e-Privacy’ rules, according to a new opinion issued by the European Data Protection Board (EDPB).

The EDPB’s opinion, issued earlier this month, concerns the interplay between the e-Privacy Directive and the GDPR.

Full article: GDPR: ‘e-Privacy’ breaches can be factored into fines

Cybersecurity certification schemes backed by MEPs

Businesses could in future be forced to ensure their products, services or processes meet specified cybersecurity standards under proposed new EU rules that have been formally approved by the European Parliament.

According to the proposed new rules, cybersecurity standards could be mandated for certain ICT products, services and processes before the end of 2023.

Source: Cybersecurity certification schemes backed by MEPs

>