fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " opinion "

Consumer contract law in the age of data

As part of its 2015 Digital Single Market Strategy, the European Commission proposed modernising the rules applicable to sales of goods and introducing similar rules for the supply of digital content (such as digital films, music, e-books, applications) and digital services (such as social media platforms, on-line games, pay-per-view access to films, cloud computing, etc.).

After more than 3 years of negotiations, the EU adopted a package comprising a directive on contracts for the supply of digital content and services and a directive on contracts for the sale of goods, both applicable in B2C relations.

Full article: The EU makes B2C contract law enter the age of data

1 year into GDPR, ad industry braces for more fines

Complacency is a dangerous mistress. But it’s a trap many companies are in danger of falling into when it comes to the General Data Protection Regulation, according to advertising sources.

The temptation to do as little as possible, so as to maintain ad revenues, is high. And with no seriously worrying fines levied yet at businesses, several publishers that had taken a strict approach to consent, have started to loosen their terms in order not to feel punished by falling ad revenues while their rivals flourish.

Full article: ‘We’ve only just started’: 1 year into GDPR, ad industry braces for more fines – Digiday

Three difficult lessons after first year of GDPR

One year is certainly not enough to judge the value of the reform that took six years to prepare and is here to stay for a couple of decades.

But it is enough to show us where the obstacles are, or, if you like, what needs to be fixed if we want to see the GDPR develop to its full potential in the near future. In my own practice of using and testing the GDPR over last 12 months I have learnt three lessons, which I am happy to share.

Full article: Will the GDPR serve its purpose? Three difficult lessons after its first year — GDPR Today

Caught between data protection and trade sanctions?

The rapid evolution of the economic sanctions environment constitutes a compliance challenge for multinationals and financial institutions in particular.

A significant emphasis is already placed on the use of technology for facilitating sanctions screening and filtering of listed individuals. While the technology will definitely improve sanctions compliance strategies, one might question to what extent these processing operations will be compatible with data protection rules?

Full article: Caught between data protection and trade sanctions? – CITIP blog

Don’t Acquire a Company Until You Evaluate Its Data Security

When Marriott International acquired Starwood in 2016 for $13.6 billion, neither company was awareof a cyber-attack on Starwood’s reservation system that dated back to 2014. The breach, which exposed the sensitive personal data of nearly 500 million Starwood customers.

In M&A activity, a target’s quality may be linked to the strength of its cybersecurity and its compliance with data privacy regulation. Therefore, due diligence on data and privacy practices is strongly advised.

Full article: Don’t Acquire a Company Until You Evaluate Its Data Security

Dutch DPA Issues Opinion on Use of Cookie Walls

Recently, the Dutch Data protection Authority has taken the position that the use of so-called “cookie walls,” whereby website access is made conditional upon the provision of consent to tracking cookies, is not compliant with the EU General Data Protection Regulation (GDPR).

According to the Dutch SA, use of online tracking technology is one of the most invasive data processing activities considering that virtually everyone is active on the internet and therefore potentially subject to online tracking. It is therefore key to obtain valid consent from website users before engaging in any tracking activity. nd such consent shall meet GDPR requirements.

Source: Dutch Supervisory Authority Opines on Use of Cookie Walls

GDPR Drives Changes, but Privacy by Design Proves Elusive

One year later, the EU mandate’s biggest impact has been to focus more attention on data protection and privacy.

Many organizations have set up or refreshed their legal framework for data privacy, improved defenses against data breaches, and begun managing user consent more rigorously. But significant gaps toward compliance are generally still to be addressed.

Full article: GDPR Drives Changes, but Privacy by Design Proves …

Google’s New Privacy Features Put the Responsibility on Users

Google has promised to give people “clear, meaningful choices” around their data. Android Q, its latest mobile operating system, would ship with something like 50 privacy and security features.

But as Google increases the number of privacy features, the setup of the settings, toggles, and dashboards within its apps seems to put more responsibility on the individual user rather than the platform.

Full article: Google’s New Privacy Features Put the Responsibility on Users | WIRED

What GDPR’s first year says about data privacy regulation

Almost a year ago, the European Union’s General Data Protection Regulation (GDPR) went into effect.

In that year, the United States has been engaging in its own debate about what, if anything, should be done to bolster our data privacy protections. What can the first year of the GDPR teach us about what such a regime may do in America?

Read article: What GDPR’s first year says about data privacy regulation | TheHill

>