New EDPB Guidelines on the territorial scope of the GDPR

On 26 November 2018, the WP29’s successor, the European Data Protection Board (EDPB), published Guidelines on the territorial scope of the GDPR (Art. 3). The proposed Guidelines are open for public consultation until 18 January 2019. The Guidelines provide some clarification around the boundaries of what constitutes an establishment in the EU, the status of tourists and factors that determine whether data subjects in the EU are being targeted.

The EDPB also provides some guidance on the conditions of appointment of an EU representative for non-EU controllers and processors. However, the Guidelines do not address other key interpretive questions arising from Art. 3 and Chapter V (transfer restrictions) and leave many key legal questions open.

Full article: EU: New EDPB Guidelines on the territorial scope of the GDPR

Parliament seizes cache of Facebook internal papers

The British parliament has used its legal powers to seize internal Facebook documents in an extraordinary attempt to hold the US social media giant to account after chief executive Mark Zuckerberg repeatedly refused to answer MPs’ questions.

The seizure is the latest move in a bitter battle between the British parliament and the social media giant. The struggle to hold Facebook to account has raised concerns about limits of British authority over international companies that now play a key role in the democratic process.

Full article: Parliament seizes cache of Facebook internal papers | Technology | The Guardian

Google accused of GDPR privacy violations by seven countries

Consumer groups across seven European countries have filed GDPR complaints against Google’s location tracking (via Reuters). The European Consumer Organisation (BEUC), of which each of the groups are a member, claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails. If upheld, the complaints could mean a hefty fine for the search giant.

Full article: Google accused of GDPR privacy violations by seven countries – The Verge

LinkedIn violated data protection by using 18M email addresses of non-members to buy targeted ads on Facebook

LinkedIn has been called out a number of times for how it is able to suggest uncanny connections to you, when it’s not even clear how or why LinkedIn would know enough to make those suggestions in the first place.

Ireland’s Data Protection Commissioner had conducted — and concluded — an investigation of Microsoft-owned LinkedIn, originally prompted by a complaint from a user in 2017, over LinkedIn’s practices regarding people who were not members of the social network.

Full article: LinkedIn violated data protection by using 18M email addresses of non-members to buy targeted ads on Facebook | TechCrunch

You probably have more personal data, in more systems, than you think.

There are lots of guides on the internet to consent and so forth, but relatively few that dive into hands-on implementation details. Often, legal teams possess a strong understanding of regulatory requirements and the goals of company operations, but they don’t share the same knowledge of systems and data movements implemented across marketing and sales.

Full article: You probably have more personal data, in more systems, than you think.

Belgian DPA provides first status update after six months of GDPR

The Belgian DPA has released a first status update six months after the GDPR became applicable. Some interesting statistics relate to the number of data breach notifications and complaints received. In the six months since May 25th, the Belgian Data Protection Authority was notified of 317 data breaches (compared to last year when only 13 breaches were notified).

Full article: BELGIUM: Belgian DPA provides first status update after six months of GDPR

Christmas spirit triumphs over GDPR in Germany

A German town managed to revive a children’s Christmas tradition after European data protection laws very nearly scrapped it.

In previous years up to 4,000 wishes to Father Christmas were placed on a tree at a Christmas market in the southern town of Roth and the city council would then attempt to fulfill those wishes, which included the names and addresses of the children who wrote them.

But the popular activity had to stop in 2016 because of Germany’s data privacy legislation and GDPR, as the legislation requires parents of minors to provide consent to the use of their kids’ data.

Local radio station Antenne Bayern found a solution by creating a wish list, which included a parental consent disclaimer, which can be printed from their website and put in the wishing box at the Christmas market.

Source: Christmas spirit triumphs over GDPR in German town of Roth – CNN

FTC Gives Final Approval to Settlements in Privacy Shield Cases

The US Federal Trade Commission has given final approval to settlements with four companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework, which establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with EU law.

As part of the proposed settlements with the FTC, all four companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization, and must comply with FTC reporting requirements. In addition, VenPath and SmartStart must continue to apply the Privacy Shield protections to personal information they collected while participating in the program, protect it by another means authorized by the Privacy Shield framework, or return or delete the information within 10 days of the order.

Source: FTC Gives Final Approval to Settlements with Four Companies Related to EU-U.S. Privacy Shield | Federal Trade Commission
