Topic: Enforcement

Subscribe to Enforcement RSS feed

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Norton Rose Fulbright - Data Protection Report blog

Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal data protection regulations.… Continue Reading

German court ruled that protection of the whistle-blower confidentiality does not generally override the data subject access right

Data Protection Report - Norton Rose Fulbright

A mid-level German employment court recently had to consider the scope of subject access requests under the EU General Data Protection Regulation (GDPR) in the context of compliance and whistle-blowing regimes. The Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance and behavioural data, but also to disclose information regarding internal investigations. This is the first reported successful enforcement of a data subject access right under Article 15 GDPR before a regional labour court in Germany. (The judgment was handed down on … Continue Reading

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

Norton Rose Fulbright - Data Protection Report blog

This is the Data Protection Report’s eighth blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA.

With significant enforcement activity and new laws being enacted or proposed since the start of the year, regulators in the EU and the US, several US states, and the US Congress are showing they mean business in terms of data privacy.

To help companies best protect consumer data and remediate enforcement risks, we provide below an overview of the following:

  1. two noteworthy recent EU and US
Continue Reading

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

Norton Rose Fulbright - Data Protection Report blog

On January 23, 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the Clinical Trials Regulation (“CTR”) and the General Data Protection Regulation (“GDPR”). See our previous blog posts on the GDPR here and here. The opinion also addresses GDPR requirements regarding (1) the legal basis for processing personal data in the course of a clinical trial protocol (primary use) and (2) the further use of clinical trial data for other scientific purposes (secondary use).

Even though the CTR already entered into force on June 16, 2014, the regulation’s application depends on the … Continue Reading

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalized ads

Norton Rose Fulbright - Data Protection Report blog

On January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC.  It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net.

We focus here on four key aspects of the decision: (a) why the Irish Data Protection Commission (Irish DPC) did not take the case; (b) the consent mechanism failings; (c) the privacy policy failings; and (d) the amount of the fine.… Continue Reading

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report - Norton Rose Fulbright

The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other financial services institutions and licensees regulated by the DFS, will be required to implement third-party risk management programs by March 1.… Continue Reading

LexBlog