Free tools and resources for Data Protection Officers!

Category Archives for "Other"

How to avoid consent fatigue

Consent requests combined with the obligation of transparency aims to give back control to individuals over the use of their personal data.

However, the frequency of interactions with organizations that collect personal data makes it tedious, if not practically impossible, for individuals to process the information contained within a consent format, in particular, where organizations unduly use bundled consents to a broader range of operations.

Source: How to avoid consent fatigue

Austrian DPA takes “result-oriented perspective” in data erasure decision

The Austrian data protection authority (‘DSB’) published, on 30 January 2019, its decision, dated 5 December 2018, on the right to data erasure, further to an individual’s complaint.

In particular, the DSB highlighted that the complainant had alleged that an unnamed insurance company had infringed his right to data erasure by only deleting data stored for marketing purposes and anonymising the remainder.

Full article: Austria: DSB takes “result-oriented perspective” in data erasure decision

Oracle faces tough decisions regarding its data practices

Oracle has spent five years and billions of dollars getting really good at following people around the internet. However, its data business started to look a lot riskier.

Facing tough questions about its practices over the past year, Oracle’s advertising software division, known as Data Cloud, has implemented previously unreported dismissals.

Full article: Oracle Didn’t See the Data Reckoning Coming – Bloomberg

Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

Data Protection Authority (DPA) of the German state of Bavaria announced it was considering fining a number of companies under the GDPR for their website cookie practices.

None of these companies appear to be in Google-style tech industries. The Bavarian DPA’s action potentially signals that cookies, user tracking, and online advertising are not a ‘tech industry issue,’ but instead a priority issue for companies irrespective of their industry – and one that can carry GDPR fine risk.

Full article: Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

On 23 January 2019, the European Data Protection Board (EDPB) adopted an opinion on the interplay between the EU Clinical Trials Regulation (CTR) and the EU General Data Protection Regulation (GDPR). The Opinion addresses the appropriate legal basis for the processing of personal data in the context of clinical trials (primary use), and the secondary use of clinical trial data.

Source: EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Here is our take on the underlying law and the recent trends.

Full article: UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

Google Warns Data Privacy Changes Could Hurt Its Business

Google parent Alphabet Inc. warned that its business may be damaged by changing data privacy practices, new digital advertising polices and software bugs that leak user information.

As consumers and politicians re-evaluate the data-collecting business models of companies like Google and Facebook Inc., the chance of tough regulations that undercut key revenue streams is increasing. To date, Google has mostly faced fines in Europe that it has been able to pay with its massive cash hoard, but some privacy advocates and those concerned with the company’s sheer size are pushing for harsher policies.

Source: Google Warns Data Privacy Changes Could Hurt Its Business – Bloomberg

German Regulator Says Facebook Can’t Use Data From Instagram and WhatsApp

Facebook “was able to build a unique database for each individual user and thus to gain market power,” says Andreas Mundt of Germany’s Federal Cartel Office.

Germany’s antitrust agency is hitting Facebook with “far-reaching restrictions” on the social media network’s practice of merging its users’ data that was gleaned from WhatsApp, Instagram and millions of third-party websites and apps. The decision can be appealed; if it stands, it would force Facebook to add more ways for its users to protect their privacy.

Source: German Regulator Says Facebook Can’t Use Data From Instagram, WhatsApp : NPR

Google remain under ICO scrutiny for GDPR misdemeanours

The Information Commissioner’s Office is to work alongside regulators in Europe to establish whether Google has fallen foul of more GDPR rules.

The ICO, which enforces European data law in the UK, is now investigating measures to take following a number of complaints raised against the tech giant.

Source: Google remain under ICO scrutiny for GDPR misdemeanours

>