Amazon hit with record EU data privacy fine

Amazon.com Inc has been hit with a record $886.6 million (746 million euros) European Union fine for processing personal data in violation of the bloc’s GDPR rules, as privacy regulators take a more aggressive position on enforcement.


EU approves data flow to UK but adds sunset clause

Flows of personal data from the EU to the UK will continue, after the European Commission adopted two “data adequacy” decisions. The decisions include a sunset clause, meaning they run out after four years. They will be renewed only if the UK ensures an adequate level of data protection, the commission said.


EU to declare United Kingdom adequate for export of personal data

The EU member states have backed decisions to prevent the obstruction of data flows after Great Britain's departure from the EU. I read that at Tweakers, and I too had to read it twice. The choice does raise many questions, especially because the UK is known for its mass data surveillance, which it shares with, among others, the United States.


Will co-regulation finally work?

Like the old Data Protection Directive, the GDPR allows the private sector to draft codes of conduct to help demonstrate compliance with the GDPR. They’ve never been too successful, with only one such code being approved at the EU level in 25 years of European data protection law. Last week, two new ones joined the playing field, both focused on cloud computing.

The way to the right for employee sobriety checks – Polish perspective

There have been discussions about whether sobriety data are sensitive data or not. As for my opinion, I share the views expressed by the vast majority of experts that, in the current legislative status resulting from GDPR, the information on alcohol consumption does not fall within the scope of the “sensitive data” definition.


More than six hundred fines imposed in first three years of GDPR

It is exactly three years ago today that the General Data Protection Regulation (GDPR) came into force, and in that period the European privacy regulators have imposed more than six hundred fines totalling more than 283 million euros. The highest GDPR fine since 25 May 2018 was for Google.


Enforcement of the GDPR in Luxembourg: an issue at stake?

Max Schrems and his organisation NOYB (None Of Your Business) have recently begun a new battle, taking place in Luxembourg. Legal proceedings have been issued against two decisions of the Luxembourg Data Protection Authority (the “CNPD”). These decisions dismissed two complaints lodged against two different US-based data controllers, Apollo and RocketReach.


The challenges related to the transfer of personal data from the perspective of the new law on personal data protection

With digitalization and rapid development of Information and Communication Technologies, personal data emerged as a valuable asset for Companies, at the same time increasing the risk for data security and imposing the need for strict legal regulations for processing as well as transfer of personal data. The purpose of this Article is to provide an overview of the legal mechanisms by which personal data can be transferred from the Republic of North Macedonia.

Microsoft to set up separate European cloud

Microsoft is going to invest in a cloud for European companies and governments. All data will be stored on servers within European borders. All data of European customers will be stored within the borders of the continent, and data currently still located elsewhere will be moved to Europe.


Personal data breach resulting from data subject’s mistakes have to be notified

The Polish Data Protection Authority has imposed on WARTA S.A., a Polish insurance and reinsurance company, a new administrative sanction in the amount of ca. EUR 20.000,00 for failure to notify a personal data breach that resulted from a data subject’s mistake.

Scientific research using health data: is the GDPR in contradiction with FAIR principles?

Medical research is becoming increasingly reliant on the analysis of large amounts of biologically derived data. Greater scientific and societal value are achievable if these research data are processed in accordance with the FAIR – Findable, Accessible, Interoperable and Reusable – principles.


EDPB’s guidelines on the concepts of controller and processor in the GDPR

The European Data Protection Board issued the Guidelines 07/2020 on the concepts of controller and processor in the GDPR, version 1.0, adopted on 02 September 2020. We made a selection of a number of paragraphs which offer relevant insight for groups of companies.


GDPR fines: ramping up and DPAs setting standards

European Supervisory Authorities imposed more than €158m in fines under the GDPR during 2020; close to a 40% increase on the previous 20-month period. This brings the total amount of fines to more than €272m in the period from May 2018 to end 2020.


Facebook faces mass legal action over data leak

Facebook users whose data was compromised by a massive data leak are being urged to take legal action against the tech giant. About 530 million people had some personal information leaked, including, in some cases, phone numbers. A digital privacy group is preparing to take a case to the Irish courts on behalf of EU citizens affected.


Privacy regulators concerned about transfer of personal data to the UK

The European privacy regulators united in the EDPB are concerned about plans by the European Commission (EC) to once again allow the transfer of personal data to the United Kingdom.


Does the draft Data Governance Act signal a more economic approach of personal data in the EU?

The draft Data Governance Act, which was published by the European Commission last November, aims to foster the availability of both personal and non-personal data by increasing trust in data intermediaries and to strengthen data sharing mechanisms across the EU. It is the first EU legal instrument clearly reflecting an EU policy trend towards a data-driven economy.


Facebook leak: Irish regulator probes ‘old’ data dump

A data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland’s Data Protection Commission (DPC). The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. Facebook says the data is “old”, from a previously-reported leak in 2019.


Romanian authorities sanctioned for GDPR breaches

Towards the end of 2020, the Romanian Data Protection Authority (ANSPDCP) disclosed on its website information regarding the sanctioning of two Romanian public authorities for GDPR breaches while processing personal data.

Can information on criminal records be requested by employers?

A recent Opinion of the Bulgarian data protection authority and certain legislative changes lead to the conclusion that in Bulgaria information on criminal convictions and offences of present or future employees can be requested by employers in a very limited number of cases.


When privacy became an investment risk.

Potential investors are being warned of the negative impact that the GDPR sanctions may have on the expected profitability of the business. Cyberattacks on listed companies should be reported to the market as a warning to the investors.


EU court: access to telecom data is strictly limited

At the beginning of March, the EU Court answered an Estonian court’s question whether access to traffic and location data relating to a short period could justify access for fighting crimes that are not “serious” with a hard no.


A privacy law for 25% of the world’s population

China published the Personal Information Protection Law (Draft) (“PIPL”) for public consultation on 21 October 2020. This is the first legal framework to address personal information protection in China. One can find many similarities between the Draft and the EU GDPR. However, there are still significant differences between the two.


Data protection applies to AML-/CFT-legislation, EDPB warns

The European Data Protection Board (EDPB), in a statement of 15 December 2020, warns the European Commission that data protection principles apply to legislation regarding the prevention of money laundering and terrorist financing.


EDPB recommendations for transfer of personal data outside the EU

The European Data Protection Board (EDPB) has drawn up recommendations for the transfer of personal data to third countries. The EDPB wants to give businesses more clarity with this, after the European Court of Justice declared the EU-US Privacy Shield invalid.
