The use of CCTV in light of the Luxembourg National Commission For Data Protecion’s sanctions.

In 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued 48 decisions following assessments. 18 of these 48 decisions related to non-compliance of CCTV systems deployed by the controlled entities. Recently, the CNPD issued again new decisisions to sanction entities using CCTV systems that were not compliant with the GDPR.

Geplaatst op

op

inplp.com

Cross Border Transfers: recent developments

Generally, data transfers to third countries are prohibited unless the receiving country has received an adequacy decision from the European Commission. In the absence of this, outward transfers may only be conducted if the receiving jurisdiction proves that they have implemented appropriate safeguards that guarantee data subject’s rights and effective legal remedies.

Geplaatst op

op

inplp.com

Data retention overturned? Aftermath to the private sector?

In its ruling of April 5, 2022 - C-140/20 - the ECJ reaffirmed and once again made it unequivocally clear, that national laws, which provide for general and indiscriminate data retention of traffic and location data as a preventive measure to combat serious criminal offenses, violate Union law and are therefore impermissible.

Geplaatst op

op

inplp.com

Expensive update for Tesla

In September 2021, Munich’s regional court (the LG Munich) awarded a plaintiff 130,446 euros in damages. A vehicle purchased by the plaintiff – a Tesla Model X P100D – was no longer height-adjustable after its owner performed a software update. This article examines the obligations of a manufacturer of automobiles ("connected cars") prior to rolling out and installation of over-the-air (OTA) updates and the obligations to provide information regarding functions or changes to functions and the legality of certain features.

Geplaatst op

op

inplp.com

First European code of conduct for the pharma industry opproved

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and pharmacovigilance has been approved. The code of conduct, promoted by Farmaindustria in Spain, regulates how the promoters of clinical studies with medicines and the CROs that decide to adhere thereto must apply the data protection regulations. Data controllers and data processors that adhere to the code of conduct are obliged to comply with its provisions.

Geplaatst op

op

inplp.com

Lawmakers call for better Facebook user data oversight

Last week, Motherboard revealed that Facebook’s systems are designed in such a way that the company can struggle to track users’ data within its own systems, according to a leaked internal document. After Motherboard published the document, several U.S. and European lawmakers called for stronger oversight of the tech giant to make sure it complies with existing regulations, such as the EU’s General Data Protection Regulation (GDPR), and California’s Consumer Privacy Act, and even more government regulations to protect users’ privacy.

Geplaatst op

op

vice.com

Facebook doesn’t know what it does with your Data, or where it goes

Facebook is facing what it describes internally as a “tsunami” of privacy regulations all over the world, which will force the company to dramatically change how it deals with users’ personal data. And the “fundamental” problem, the company admits, is that Facebook has no idea where all of its user data goes, or what it’s doing with it, according to a leaked internal document obtained by Motherboard.

Geplaatst op

op

vice.com

Dutch GDPR class action against Oracle and Salesforce declared inadmissible

The first major GDPR class action under the Dutch Act on Mass Damages Settlement in Class Actions (WAMCA) has been declared inadmissible before a substantive assessment could take place. The Privacy Collective (TPC) started a class action on behalf of ten million individuals (all internet users in the Netherlands) against Oracle and Salesforce. TPC claimed that Oracle and Salesforce unlawfully processed personal data, among other things because of their crucial role in the Real Time Bidding (RTB) process.

Geplaatst op

op

inplp.com

What has to be in a copy?

For the first time since the entry into force of the General Data Protection Regulation, the Federal Administrative Court has submitted a request for a preliminary ruling to the European Court of Justice regarding a decision by the data protection authority on the binding interpretation of EU provisions. The subject of the question is the right of access respectively the receipt of a copy of personal data.

Geplaatst op

op

inplp.com

Securing privacy compliance for virtual voice assistants

Virtual Voice Assistants (“VVA”) continue to grow in popularity as the precision of the technology improves. The European Data Protection Board (“EDPB”) recently adopted new guidelines addressing how data controllers and data processors shall manage personal data to ensure that their VVAs are compliant with the European General Data Protection Regulation (“GDPR”).

Geplaatst op

op

inplp.com

2021 in GDPR fines

The EU General Data Regulation (GDPR) is among the world's toughest data protection laws. In this article you will have a general overview about the fines imposed by control authorities in 2021.

Geplaatst op

op

inplp.com

Privacywaakhond: brancheorganisatie online advertenties overtreedt wet

De online advertentiebrancheorganisatie IAB Europe handelt in strijd met de Europese privacywet. Dat heeft de Belgische Gegevensbeschermingsautoriteit (GBA) geoordeeld namens alle Europese autoriteiten. IAB Europe moet binnen twee maanden een plan presenteren waarmee het lijn in komt met de wet. Ook moet de organisatie een kwart miljoen euro boete betalen.

Geplaatst op

op

nos.nl

Athlete’s performance data & Project Red Card

This article provides an insight to the ever increasing market of performance analysis and the intersection with athlete's performance data. A tool and resource used by sports clubs across the world, this article explains the current state of the market; how performance data is used and its value; and whether sports clubs may be in for a data protection 'red card' in the near future.

Geplaatst op

op

inplp.com

The Norwegian data processing authority issues a USD7.2 million fine to Grinder LLC

Following an investigation carried out by the Norwegian Consumer Council, the Norwegian Data Processing Authority on 13 December 2021 issued a fine of NOK 65 million (approximately USD 7.2 million) to Grindr, a U.S. based social networking app for gay, bi, trans and queer people. The legal basis for the fine was that Grindr had disclosed personal data to advertising partners without a valid consent or other legal basis under the GDPR Article 6, and further that special categories of personal data had been disclosed without a valid exemption from the prohibition set out in Article 9.

Geplaatst op

op

inplp.com

Oostenrijkse toezichthouder: gebruik Google Analytics in strijd met AVG

Het gebruik van Google Analytics is in strijd met de AVG, zo heeft de Oostenrijkse privacytoezichthouder DSB geoordeeld. De uitspraak kan gevolgen voor zeer veel websites in de Europese Unie hebben. Volgens de DSB wordt erbij het gebruik van Google Analytics persoonlijke data naar Google in de Verenigde Staten verstuurd, waaronder user identifiers, ip-adressen en browserparameters. Dat is het oordeel over een klacht die noyb, de privacyorganisatie van de bekende activist Max Schrems, had ingediend.

Geplaatst op

op

security.nl

French regulator tells Clearview AI to delete its facial recognition data

France’s foremost privacy regulator has ordered Clearview AI to delete all its data relating to French citizens, as first reported by TechCrunch. In its announcement, the French agency CNIL argued that Clearview had violated the GDPR in collecting the data and violated various other data access rights in its processing and storage. As a result, CNIL is calling on Clearview to purge the data from its systems or face escalating fines as laid out by European privacy law.

Geplaatst op

op

theverge.com

Deze site maakt gebruik van functionele cookies. Als u ook toegang wilt tot ingesloten inhoud waarbij mogelijk trackers gehanteerd worden van deze aanbieders, klikt u op accepteren. Lees onze privacyverklaring

Deze site is standaard ingesteld op 'cookies toestaan", om je de beste mogelijke blader ervaring te geven. Als je deze site blijft gebruiken zonder je cookie instellingen te wijzigen, of als je klikt op "Accepteren" hieronder, dan geef je toestemming voor het gebruik van Cookies.

Sluiten