GDPR

cameratoezicht GDPR

The use of CCTV in light of the Luxembourg National Commission For Data Protecion’s sanctions.

In 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued 48 decisions following assessments. 18 of these 48 decisions related to non-compliance of CCTV systems deployed by the controlled entities. Recently, the CNPD issued again new decisisions to sanction entities using CCTV systems that were not compliant with the GDPR.

Lees dit artikel op

inplp.com

EU GDPR

Cross Border Transfers: recent developments

Generally, data transfers to third countries are prohibited unless the receiving country has received an adequacy decision from the European Commission. In the absence of this, outward transfers may only be conducted if the receiving jurisdiction proves that they have implemented appropriate safeguards that guarantee data subject’s rights and effective legal remedies.

Lees dit artikel op

inplp.com

EU GDPR rechtspraak

Data retention overturned? Aftermath to the private sector?

In its ruling of April 5, 2022 - C-140/20 - the ECJ reaffirmed and once again made it unequivocally clear, that national laws, which provide for general and indiscriminate data retention of traffic and location data as a preventive measure to combat serious criminal offenses, violate Union law and are therefore impermissible.

Lees dit artikel op

inplp.com

GDPR rechtspraak Tesla

Expensive update for Tesla

In September 2021, Munich’s regional court (the LG Munich) awarded a plaintiff 130,446 euros in damages. A vehicle purchased by the plaintiff – a Tesla Model X P100D – was no longer height-adjustable after its owner performed a software update. This article examines the obligations of a manufacturer of automobiles ("connected cars") prior to rolling out and installation of over-the-air (OTA) updates and the obligations to provide information regarding functions or changes to functions and the legality of certain features.

Lees dit artikel op

inplp.com

EU GDPR medisch dossier patientgegevens

First European code of conduct for the pharma industry opproved

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and pharmacovigilance has been approved. The code of conduct, promoted by Farmaindustria in Spain, regulates how the promoters of clinical studies with medicines and the CROs that decide to adhere thereto must apply the data protection regulations. Data controllers and data processors that adhere to the code of conduct are obliged to comply with its provisions.

Lees dit artikel op

inplp.com

EU GDPR

Lawmakers call for better Facebook user data oversight

Last week, Motherboard revealed that Facebook’s systems are designed in such a way that the company can struggle to track users’ data within its own systems, according to a leaked internal document. After Motherboard published the document, several U.S. and European lawmakers called for stronger oversight of the tech giant to make sure it complies with existing regulations, such as the EU’s General Data Protection Regulation (GDPR), and California’s Consumer Privacy Act, and even more government regulations to protect users’ privacy.

Lees dit artikel op

vice.com

EU GDPR

Facebook doesn’t know what it does with your Data, or where it goes

Facebook is facing what it describes internally as a “tsunami” of privacy regulations all over the world, which will force the company to dramatically change how it deals with users’ personal data. And the “fundamental” problem, the company admits, is that Facebook has no idea where all of its user data goes, or what it’s doing with it, according to a leaked internal document obtained by Motherboard.

Lees dit artikel op

vice.com

GDPR oracle rechtspraak salesforce

Dutch GDPR class action against Oracle and Salesforce declared inadmissible

The first major GDPR class action under the Dutch Act on Mass Damages Settlement in Class Actions (WAMCA) has been declared inadmissible before a substantive assessment could take place. The Privacy Collective (TPC) started a class action on behalf of ten million individuals (all internet users in the Netherlands) against Oracle and Salesforce. TPC claimed that Oracle and Salesforce unlawfully processed personal data, among other things because of their crucial role in the Real Time Bidding (RTB) process.

Lees dit artikel op

inplp.com