Loading

Category: Data Protection

CNIL imposes €1 million fine for several infractions related to data subject’s rights and transparency obligations

€1 million fine imposed by CNIL on an energy company for several GDPR violations related to data subject’s rights and transparency obligations.    After receiving several complaints regarding the difficulties encountered by users in having their requests for access to their data and opposition to receiving calls for the purposes of direct marketing fulfilled by

Legal basis is required for audio surveillance, according to the Polish SA

The Polish SA says a legal basis is required for audio surveillance and has fined the Warsaw Centre for Intoxicated Persons for a lack thereof.   The Polish Supervisory Authority was recently informed that between 2016 and 2021, the Warsaw Centre for Intoxicated Persons recorded sound through its surveillance system, without a legal basis to

Digital Markets Act and Digital Services Act officially approved in the EU

The digital markets act and digital services act have officially been approved in the EU and are being implemented.   EU lawmakers recently approved the Digital Markets Act (DMA), and Digital Services Act (DSA), which will help control unfair advantage by tech giants such as Google, Amazon, Apple, Facebook and Microsoft.  Companies may now face

AI regulatory sandbox: pilot program launched

The Government of Spain and the European Commission recently launched a pilot program for the AI regulatory sandbox.    Last month, the government of Spain and the European Commission presented a pilot of the first regulatory sandbox on Artificial Intelligence. This sandbox aims to bring together the  competent authorities and the companies that develop AI

GDPR-CARPA certification mechanism adopted by CNPD

Luxembourg adopted the GDPR-CARPA verification mechanism  becoming the first country to introduce a certification mechanism under the GDPR.   The National Data Protection Commission of Luxembourg (CNPD) adopted its GDPR-CARPA (Certified Assurance-Report based Processing Activities) certification mechanism last month. This will be known as the first certification mechanism under the GDPR to be adopted on

Data sharing for charities: guidance from CNIL

CNIL recently published guidance relating to data sharing for charities for the purposes of prospecting.   CNIL recently published guidance relating to data sharing for charities for the purposes of prospecting. According to CNIL, these guidelines are geared towards any association or foundation appealing to the generosity of the public to receive donations, which wishes

Google Analytics custom features do not make transfers legal, according to CNIL

CNIL has announced that even with the use of Google Analytics custom features, transfers are still not legal.    CNIL recently announced that even with the use of Google Analytics custom features, transfers are still not legal in the absence of a transfer deal between Europe and the US. This announcement was added in the

The concept of “data exporter” clarified by the Danish DPA

In the light of the Schrems II judgment by the CJEU, questions relating to the concept of “data exporter” have been clarified by the Danish DPA.     Since the CJEU’s Schrems II judgment, the Danish Data Protection Agency has received an increasing number of questions relating to the transfer of personal data to third countries.

New data strategy introduced in the UK

New data strategy introduced in the UK to drive innovation and improve efficiency in the health sector.    The UK recently announced a new data strategy for health data, which focuses on 7 principles to harness the data-driven power and innovation exhibited during the pandemic, and use it to improve the future of healthcare. These

Dark patterns in social media platform interfaces

Dark Patterns are defined by the European Data Protection Board (EDPB), as “interfaces and user experiences implemented on social media platforms that lead users into making unintended, unwilling and potentially harmful decisions regarding the processing of their personal data”. These dark patterns seek to influence user behaviour on those platforms, hindering their ability to make conscious