The use of CCTV in light of the Luxembourg National Commission For Data Protecion’s sanctions.

In 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued 48 decisions following assessments. 18 of these 48 decisions related to non-compliance of CCTV systems deployed by the controlled entities. Recently, the CNPD issued again new decisisions to sanction entities using CCTV systems that were not compliant with the GDPR.


Cross Border Transfers: recent developments

Generally, data transfers to third countries are prohibited unless the receiving country has received an adequacy decision from the European Commission. In the absence of this, outward transfers may only be conducted if the receiving jurisdiction proves that they have implemented appropriate safeguards that guarantee data subject’s rights and effective legal remedies.


Facial recognition systems: 20 million fine against the Amercian company Clearview.

“Not everything that is technically possible is legally and ethically lawful.” These are the words of Guido Scorza, member of the Italian Data Protection Authority, to describe the €20 million fine imposed last February by the Italian DPA on the US company Clearview AI Inc. for its facial recognition service.


Data retention overturned? Aftermath to the private sector?

In its ruling of April 5, 2022 – C-140/20 – the ECJ reaffirmed and once again made it unequivocally clear, that national laws, which provide for general and indiscriminate data retention of traffic and location data as a preventive measure to combat serious criminal offenses, violate Union law and are therefore impermissible.


Expensive update for Tesla

In September 2021, Munich’s regional court (the LG Munich) awarded a plaintiff 130,446 euros in damages. A vehicle purchased by the plaintiff – a Tesla Model X P100D – was no longer height-adjustable after its owner performed a software update. This article examines the obligations of a manufacturer of automobiles (“connected cars”) prior to rolling out and installation of over-the-air (OTA) updates and the obligations to provide information regarding functions or changes to functions and the legality of certain features.


First European code of conduct for the pharma industry opproved

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and pharmacovigilance has been approved. The code of conduct, promoted by Farmaindustria in Spain, regulates how the promoters of clinical studies with medicines and the CROs that decide to adhere thereto must apply the data protection regulations. Data controllers and data processors that adhere to the code of conduct are obliged to comply with its provisions.

"Zuckerberg Congress 2018.04.jpg" by ahhhnice is licensed under CC BY 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by/2.0/?ref=openverse.

Lawmakers call for better Facebook user data oversight

Last week, Motherboard revealed that Facebook’s systems are designed in such a way that the company can struggle to track users’ data within its own systems, according to a leaked internal document. After Motherboard published the document, several U.S. and European lawmakers called for stronger oversight of the tech giant to make sure it complies with existing regulations, such as the EU’s General Data Protection Regulation (GDPR), and California’s Consumer Privacy Act, and even more government regulations to protect users’ privacy.


Facebook doesn’t know what it does with your Data, or where it goes

Facebook is facing what it describes internally as a “tsunami” of privacy regulations all over the world, which will force the company to dramatically change how it deals with users’ personal data. And the “fundamental” problem, the company admits, is that Facebook has no idea where all of its user data goes, or what it’s doing with it, according to a leaked internal document obtained by Motherboard.


Dutch GDPR class action against Oracle and Salesforce declared inadmissible

The first major GDPR class action under the Dutch Act on Mass Damages Settlement in Class Actions (WAMCA) has been declared inadmissible before a substantive assessment could take place. The Privacy Collective (TPC) started a class action on behalf of ten million individuals (all internet users in the Netherlands) against Oracle and Salesforce. TPC claimed that Oracle and Salesforce unlawfully processed personal data, among other things because of their crucial role in the Real Time Bidding (RTB) process.

hamer van rechter

Bulgarian supreme administrative court with decision on processing data for journalistic purposes

The Bulgarian Supreme Administrative Court issued a decision setting out criteria relevant for assessing the balance between the right to freedom of expression and information and the right to the protection of personal data.


Italiaanse waakhond geeft miljoenenboete aan gezichtsscanbedrijf Clearview AI

De Italiaanse privacywaakhond GPDP heeft Clearview AI woensdag een boete opgelegd van 20 miljoen euro. De manier waarop het gezichtsscanbedrijf data verzamelt is in strijd met de Europese wetgeving, stelt de toezichthouder. Clearview AI verzamelt afbeeldingen van sociale media om een grote database van gezichten te creëren.


What has to be in a copy?

For the first time since the entry into force of the General Data Protection Regulation, the Federal Administrative Court has submitted a request for a preliminary ruling to the European Court of Justice regarding a decision by the data protection authority on the binding interpretation of EU provisions. The subject of the question is the right of access respectively the receipt of a copy of personal data.


Securing privacy compliance for virtual voice assistants

Virtual Voice Assistants (“VVA”) continue to grow in popularity as the precision of the technology improves. The European Data Protection Board (“EDPB”) recently adopted new guidelines addressing how data controllers and data processors shall manage personal data to ensure that their VVAs are compliant with the European General Data Protection Regulation (“GDPR”).


2021 in GDPR fines

The EU General Data Regulation (GDPR) is among the world’s toughest data protection laws. In this article you will have a general overview about the fines imposed by control authorities in 2021.


Veelgebruikte cookiepop-ups van IAB zijn in strijd met de AVG

De Belgische Gegevensbeschermingsautoriteit heeft op 2 februari 2022 geoordeeld dat het Transparency and Consent Framework (TCF) van IAB Europe om meerdere redenen niet aan de AVG voldoet.


Privacywaakhond: brancheorganisatie online advertenties overtreedt wet

De online advertentiebrancheorganisatie IAB Europe handelt in strijd met de Europese privacywet. Dat heeft de Belgische Gegevensbeschermingsautoriteit (GBA) geoordeeld namens alle Europese autoriteiten. IAB Europe moet binnen twee maanden een plan presenteren waarmee het lijn in komt met de wet. Ook moet de organisatie een kwart miljoen euro boete betalen.


Athlete’s performance data & Project Red Card

This article provides an insight to the ever increasing market of performance analysis and the intersection with athlete’s performance data. A tool and resource used by sports clubs across the world, this article explains the current state of the market; how performance data is used and its value; and whether sports clubs may be in for a data protection ‘red card’ in the near future.


The new Slovak electric communication act shall change opt-out regime to opt in regime for cookies

The use of cookies will therefore no longer be linked to the passivity of the users concerned (opt-out). Anyone who stores or obtains access to information stored in the user’s endpoint equipment (cookies) will have to have the prior consent of the user concerned (opt-in), and the consent must comply with the requirements of the GDPR.


The Norwegian data processing authority issues a USD7.2 million fine to Grinder LLC

Following an investigation carried out by the Norwegian Consumer Council, the Norwegian Data Processing Authority on 13 December 2021 issued a fine of NOK 65 million (approximately USD 7.2 million) to Grindr, a U.S. based social networking app for gay, bi, trans and queer people. The legal basis for the fine was that Grindr had disclosed personal data to advertising partners without a valid consent or other legal basis under the GDPR Article 6, and further that special categories of personal data had been disclosed without a valid exemption from the prohibition set out in Article 9.

Google Neon letters

Oostenrijkse toezichthouder: gebruik Google Analytics in strijd met AVG

Het gebruik van Google Analytics is in strijd met de AVG, zo heeft de Oostenrijkse privacytoezichthouder DSB geoordeeld. De uitspraak kan gevolgen voor zeer veel websites in de Europese Unie hebben. Volgens de DSB wordt erbij het gebruik van Google Analytics persoonlijke data naar Google in de Verenigde Staten verstuurd, waaronder user identifiers, ip-adressen en browserparameters. Dat is het oordeel over een klacht die noyb, de privacyorganisatie van de bekende activist Max Schrems, had ingediend.


French regulator tells Clearview AI to delete its facial recognition data

France’s foremost privacy regulator has ordered Clearview AI to delete all its data relating to French citizens, as first reported by TechCrunch. In its announcement, the French agency CNIL argued that Clearview had violated the GDPR in collecting the data and violated various other data access rights in its processing and storage. As a result, CNIL is calling on Clearview to purge the data from its systems or face escalating fines as laid out by European privacy law.


Facebook could be sued by consumer groups, EU court adviser says

Facebook could be sued by consumer groups for privacy violations, an adviser to Europe’s top court said on Thursday, in a German online gaming case that could pave the way for similar action across the EU.


SCCS and COCS and BCR – untangling the web and spotting the difference

Under GDPR, data export to third countries is only permitted if the conditions under Chapter 5 are met. The adequacy decision by the commission according to art. 45 GDPR is the Chapters silver bullet.

code and person

When AI met privacy

How to fulfil the data protection obligations when using artificial intelligence? One of the main issues of concern is the use of personal information by the algorithms. The European AI industry encourages self-regulation.

Deze site maakt gebruik van functionele cookies. Als u ook toegang wilt tot ingesloten inhoud waarbij mogelijk trackers gehanteerd worden van deze aanbieders, klikt u op accepteren. Lees onze privacyverklaring

Deze site is standaard ingesteld op 'cookies toestaan", om je de beste mogelijke blader ervaring te geven. Als je deze site blijft gebruiken zonder je cookie instellingen te wijzigen, of als je klikt op "Accepteren" hieronder, dan geef je toestemming voor het gebruik van Cookies.