Loading

Tag: EDPB

Tag: EDPB

A year of Data Protection Law: 2024 review

Throughout this year, the EU and the UK have experienced several notable developments in data protection. In this article, we will highlight some of the key milestones of 2024.   The year began with an ever relevant reminder, advising UK organisations on the transfer of personal data to the US under the UK GDPR, stressing

ePrivacy Directive Article 5(3): Device Tracking and User Consent

Understanding Article 5(3) of the ePrivacy Directive and its Implications on Device Tracking and User Consent   The ePrivacy Directive, specifically Article 5(3), restricts the storage and access of information on users’ devices without their consent, except under specific conditions. This legislation plays a crucial role in protecting users from unauthorized storage and access to

Legitimate interest as a legal basis: Guidance from the EDPB

Controllers must ensure necessary, proportionate, processing which respects the rights of data subjects, ensuring GDPR compliance.   When processing personal data under the General Data Protection Regulation (GDPR), controllers must ensure that their actions are lawful. Specifically, if relying on Article 6(1)(f) of the GDPR, the processing must be based on a legitimate interest. This

The EDPB releases its Opinion on ‘Pay or Ok’ Models

The EDPB highlights the need to comply with all the requirements of the GDPR, in particular those for valid consent.   In the rapidly evolving landscape of ecommerce and data protection, it is paramount for businesses to understand how any new practices involving the processing of personal data may affect their user’s privacy and the

”Pay or ok” — Does this new paid subscription model invalidate consent?

There has been much debate about the validity of consent under the GDPR as it relates to the “Pay or ok” paid subscription model on social media and other platforms and websites.   Since November 7, European users of Facebook and Instagram have had the option to pay a subscription in exchange for an ad-free

EDPB publishes urgent binding decision regarding Meta

EDPB publishes urgent binding decision regarding Meta, emphasizing the company’s obligation to provide clear, transparent information to users about how their data is being used.   The European Data Protection Board (EDPB) recently published an urgent binding decision regarding Meta, the technology conglomerate, also known as Facebook. This decision marks an important development in data

Data protection guide for small businesses published by the EDPB

The EDPB has recently published a data protection guide for small businesses to aid with GDPR compliance.   The European Data Protection Board (EDPB) has released a new guide aimed at helping small businesses comply with the GDPR, as stated in this report. The guide provides a comprehensive overview of the key principles of data

Updated guidelines on data subject access requests issued by the EDPB

The EDBP has issued finalised updated guidelines on data subject access requests, providing practical advice for organisations.   The European Data Protection Board (EDPB) has issued updated guidelines on data subject access requests that provide practical advice for organisations receiving these requests from individuals. This update builds on previous guidelines published a little over a

Coordinated investigation into the role of Data Protection Officers launched by EDPB

The EDPB has launched a coordinated investigation into the role of Data Protection Officers across the EU.    The European Data Protection Board (EDPB) has launched a coordinated investigation into the role of Data Protection Officers (DPOs) across the European Union. The purpose of the investigation is to assess the actual implementation and enforcement of

Data breach notification guidelines from the EDPB

The EDPB has recently published a document containing detailed data breach notification guidelines for EU organisations.    The EDPB has recently published a document that provides guidelines on how to handle personal data breaches as required by the EU General Data Protection Regulation (GDPR). The guidelines are intended to assist controllers, processors and supervisory authorities