fbpx

Download free GDPR compliance checklist!

Tag Archives for " guidance "

IAB releases DPIA guidance for Digital Advertising under GDPR

IAB has developed and published practical guide to carrying out data protection impact assessments (DPIA) under the EU’s General Data Protection Regulation (GDPR).

Guide provides background and describes the DPIA process in the context of processing data for digital advertising generally and for real-time bidding (RTB), in order to help companies understand their obligations and how to comply with them in practice. It explains how to incorporate the DPIA process into a company’s normal course of product design and development.

Source: GDPR Data Protection Impact Assessments (DPIA) for Digital Advertising under GDPR – IAB Europe

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), the European Data Protection Board (EDPB) on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

The EDPB on November 11 issued two sets of recommendations. The first set of recommendations covers the assessment and supplementary measures data exporters may need to adopt to ensure compliance with the EU level of personal data protection (“Supplementary Measures Recommendations”). The second set of recommendations lays down the elements to be used to examine whether surveillance measures allowing access to personal data by public authorities in a third country can be regarded as a justifiable interference with the level of data protection guaranteed in principle by the EU (“European Essential Guarantees Recommendations”).

These recommendations are applicable immediately but are open for public consultation until November 30.

Source: European Data Protection Board Issues Schrems II Recommendations

French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports

On October 9, 2020, the French Supervisory Authority (CNIL) issued guidance on the use of facial recognition technology for identity checks at airports.

The CNIL indicates that it has issued this guidance in response to a request from several operators and service providers of airports in France who are planning to deploy this technology on an experimental basis. In this blog post, we summarize the main principles that the CNIL says airports should observe when deploying biometric technology.

Source: French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports | Inside Privacy

FTC Issues New Guidance on Artificial Intelligence Technology 

In the latest piece to come out of the FTC’s new focus on emerging technologies, the FTC Bureau of Consumer Protection issued new guidance on the use of artificial intelligence (AI) and algorithms.

The guidance follows up on a 2018 hearing where the FTC explored AI, algorithms, and predicative analysis. As the FTC recognizes, these technologies already pervade the modern economy. They influence consumer decision making – from what video to watch next, to what ad to click on, or what product to purchase.

Source: A New Frontier or Back to Basics? FTC Issues New Guidance on Artificial Intelligence Technology | Minding Your Business

EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

During its 39th plenary session on October 8, 2020, the European Data Protection Board (EDPB) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR).

The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority has a duty to cooperate with other concerned supervisory authorities in order to reach a consensus.

Source: EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

ICO Launches Consultation on Its Draft Statutory Guidance

On October 1, 2020, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft Statutory Guidance.

The Guidance provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.

Source: ICO Launches Consultation on Its Draft Statutory Guidance

French Supervisory Authority Publishes Final Version of Cookie Guidelines

On October 1, 2020, the French Supervisory Authority (CNIL) published the final version of its Guidelines on cookies and other tracking technologies, as well as an adjoining set of best practice recommendations with examples on how to implement the guidelines.

The new version of the guidelines takes into account contributions submitted by various stakeholders during the public consultation period for both documents, as well as a recent decision of the French Council of State regarding a prior version of the guidelines.

Source: French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021

U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments

The U.S. Department of Commerce published a white paper to assist organizations in conducting independent analyses of data transfers in light of the July 16, 2020 Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems, Case C-311/18 (Schrems II) decision by the Court of Justice of the European Union (CJEU) and, ultimately, in making the case for transferring personal data to the United States using EU-approved transfer mechanisms.

The white paper outlines privacy safeguards relating to government access to data provided by U.S. law, focusing on those that are relevant to the issues that appear to have concerned the CJEU in Schrems II.

Source: U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments | Alston & Bird Privacy Blog

The EDPB launches a public consultation on its draft guidelines on the concepts of controller and processor

EDPB has published new draft guidelines on the concepts of controller and processor which aim at replacing the previous opinion from the Article 29 Working Party  (WP169).

This document thus intends to clarify the definition of the concepts of controller, joint controller, processor, third party and recipient of data, by illustrating them with concrete examples within different sectors. It also aims at specifying the obligations that are attached to these qualifications.

Following the public consultation and after analyzing the contributions received, the final version of the guidelines will be adopted by the EDPB.

Source: The EDPB launches a public consultation on its draft guidelines on the concepts of controller and processor

CNIL issues new guidance on data retention

The French Supervisory Authority CNIL in July has issued new updated guidelines on data retention.

These Guidelines aim at providing practical tools to help defining the relevant rules to organize data retention and accordingly the retention period applicable for each step of the personal data processing life cycle so that the personal data are not kept indefinitely.

Source: FRANCE: NEW GUIDANCE FOR DATA RETENTION

1 2 3 37
>