Posted in Compliance and risk management, Cybersecurity
This blogpost summarises our recent webinar: “An urgent message from Berlin: The importance of record retention in privacy and cybersecurity”.… Continue reading
Posted in Enforcement
On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE (Deutsche Wohnen), the highest German GDPR fine to date. The infraction related to the over retention of personal … Continue reading
Posted in Dispute resolution and litigation
On 24 September 2019 the Court of Justice of the European Union (CJEU) gave two judgments (Cases C-507/17 and C-136/17) ruling that: (i) de-referencing by Google should be limited to EU Member States’ versions of its search engine with some important qualifications; and (ii) when Google receives a request for de-referencing relating to a link … Continue reading
Posted in Compliance and risk management
On 18 June 2019, Facebook announced plans to launch a new blockchain enabled cryptocurrency called Libra.… Continue reading
Posted in Regulatory response
Obligations Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior to processing any personal … Continue reading
Posted in Compliance and risk management
On 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading
Posted in General
We are pleased to report that Norton Rose Fulbright has been shortlisted for cyber law firm of the year at the 2019 Insurance Insider Cyber Rankings Awards.… Continue reading
Posted in Compliance and risk managementOften questioned about online advertising targeting by both the public and professionals, the CNIL released its action plan for 2019-2020 with a view to providing further details about the applicable advertising rules and to support stakeholders in their compliance with them.… Continue reading
Posted in CCPA, Compliance and risk management
Posted in Cybersecurity, Data breach
Posted in Compliance and risk management, Enforcement
Big data companies like Google and Facebook are now facing increased scrutiny about the use of massive amounts of personal data in the digital ad marketplace.… Continue reading
Posted in Enforcement
On 12 April, the Information Commissioners Office (ICO) fined Bounty, a pregnancy and parent support club, £400,000 for illegally sharing personal data belonging to more than 14 million people. As the contravention took place just before the General Data Protection Regulation (GDPR) came into force, the fine was issued under the Data Protection Act 1998 … Continue reading
Posted in Data breach
The Supreme Court has granted Morrisons to appeal against the judgment of the Court of Appeal in Morrison Supermarkets PLC v Various Claimants.… Continue reading
Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal … Continue reading
Posted in Dispute resolution and litigation
The opinion includes whether consent is ‘freely given’ pursuant to the ePrivacy-Directive and GDPR and insight on what constitutes ‘informed consent.'… Continue reading
Posted in Enforcement
A mid-level German employment court recently had to consider the scope of subject access requests under the EU General Data Protection Regulation (GDPR) in the context of compliance and whistle-blowing regimes. The Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance … Continue reading
Posted in GeneralOn 7 February 2019, the German antitrust authority (Bundeskartellamt, the FCO) ruled against Facebook combining user personal data from different sources, saying it was exploiting its position as a dominant social media company in violation of the EU data protection laws. The FCO said that Facebook abused its market dominance in: collecting, merging and using … Continue reading
On January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC. It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. We focus here on four key aspects … Continue reading
On November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading
Posted in CCPAThis is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA. The California Consumer Privacy … Continue reading
This is the Data Protection Report’s second post in a series of blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional posts and information about our upcoming webinar on the CCPA. … Continue reading
Posted in Dispute resolution and litigationOn June 22, 2018, the US Supreme Court issued a 5-4 decision in Carpenter v. United States, holding that the federal government needs a warrant to access cellphone location records. In the decision, the Court agreed that there should be a higher standard for accessing location records due to their intrusive nature.… Continue reading
Posted in Compliance and risk management
The German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier … Continue reading
