The Swedish Data Protection Authority took a closer look at eight health care providers in Sweden. Special attention was paid to technical and organizational measures of their systems processing electronic health records. Access to personal data in general should be not only regulated in regards to external providers but also internal personnel. The often referenced […]
Cihan Parlar
Posts by Cihan Parlar:

Right to deletion? Dutch Court: Not if overriding interests exist!
Dutch Arnhem-Leeuwarden Court of Appeal (hereinafter “Court”) seems to give insides on what accounts to an overriding interest according to Art. 21 para. 1 GDPR, when considering the right to deletion according to Art. 17 para. 1 lit. c GDPR (see here). Facts The data subject who works as an accountant had provided false information […]

Belgian DPA requires small companies using CCTV to maintain a record of processing activity
The APD/GBA (Belgian DPA) in April 2020 decided upon a complaint made in September 2018 with the authority.[1] The affected person claimed that he was filmed by CCTV of a store while walking outside on the sidewalk. The DPA investigated the complaint and requested from the store owner what can be expected: Storage period of […]

Dutch DPA imposes fine on company using fingerprint technology for attendance and time registration
The Autoriteit Persoonsgegevens, Dutch data protection authority, imposed a fine on a company, which relied on scanning their employees’ fingerprints for attendance and time registration.[1] Facts in a nutshell In the case at hand, the respective company introduced the new fingerprint system in order to reduce the fraudulent abuse of the previous attendance and time […]
The “Cookiewall” crumbles
The Dutch data protection authority on 7th March 2019 issued an opinion[1] on the use of so called “Cookiewalls”, deeming such practice as unlawful in light of the GDPR and announcing intensified audits in regards to the right implementation of cookies in the coming period.[2] European regulation of Cookies The first regulation of cookies at […]
Give me all your data: US CLOUD Act & Australian “Decryption” Bill vs. the GDPR
Nowadays crimes are more and more committed or at least facilitated by a smartphone or other computing device. That is why digital evidence in form of data is essential in almost all criminal investigations.[1] But that does not mean that the collection of such evidence is straightforward and effortless. Law enforcement authorities (LEAs) face, among […]