The Court of Justice of the European Union (CJEU) has recently issued a landmark decision (C-21/23 “Lindenapotheke”) that expands the interpretation of what constitutes health data under the General Data Protection Regulation (GDPR). This ruling has significant implications for businesses, especially those involved in the sale of medicinal products online. A Wider Scope of Health […]
Cihan Parlar
Posts by Cihan Parlar:
Understanding the EU AI Act: What Your Company Needs to Know
AI (Artificial Intelligence) is becoming a big part of how businesses operate. But with this technology comes new rules that companies must follow. The EU AI Act, effective since August 1st 2024, is one of these important new rules. If your company uses or develops AI, it’s important to know what this means for you. […]
Erleichterung für Schweiz-US-Datentransfers: Neues Abkommen löst langjährige Datenschutzprobleme
Ab dem 15. September 2024 wird der Transfer personenbezogener Daten von der Schweiz in die USA deutlich einfacher. Grund dafür ist ein neues Rahmenabkommen, das kürzlich vom Schweizerischen Bundesrat genehmigt wurde. Mit dieser Entscheidung können Datentransfers nun auf einer Angemessenheitsentscheidung basieren, wodurch der bisherige Aufwand mit den Standardvertragsklauseln (SCCs) entfällt. Bislang mussten Schweizer Unternehmen einen […]
Swiss-U.S. Data Transfers: New Framework solves Privacy Hassles, finally!
Starting September 15, 2024, transferring personal data from Switzerland to the United States will become significantly easier, thanks to a new framework approved by the Swiss Federal Council. This marks a significant shift, allowing these data transfers to rely on an adequacy decision rather than the more complex Standard Contractual Clauses (SCCs). Until this decision, […]
Need-to-know? Health care providers under scrutiny by Swedish Authority
The Swedish Data Protection Authority took a closer look at eight health care providers in Sweden. Special attention was paid to technical and organizational measures of their systems processing electronic health records. Access to personal data in general should be not only regulated in regards to external providers but also internal personnel. The often referenced […]
Right to deletion? Dutch Court: Not if overriding interests exist!
Dutch Arnhem-Leeuwarden Court of Appeal (hereinafter “Court”) seems to give insides on what accounts to an overriding interest according to Art. 21 para. 1 GDPR, when considering the right to deletion according to Art. 17 para. 1 lit. c GDPR (see here). Facts The data subject who works as an accountant had provided false information […]
Belgian DPA requires small companies using CCTV to maintain a record of processing activity
The APD/GBA (Belgian DPA) in April 2020 decided upon a complaint made in September 2018 with the authority.[1] The affected person claimed that he was filmed by CCTV of a store while walking outside on the sidewalk. The DPA investigated the complaint and requested from the store owner what can be expected: Storage period of […]
Dutch DPA imposes fine on company using fingerprint technology for attendance and time registration
The Autoriteit Persoonsgegevens, Dutch data protection authority, imposed a fine on a company, which relied on scanning their employees’ fingerprints for attendance and time registration.[1] Facts in a nutshell In the case at hand, the respective company introduced the new fingerprint system in order to reduce the fraudulent abuse of the previous attendance and time […]
The “Cookiewall” crumbles
The Dutch data protection authority on 7th March 2019 issued an opinion[1] on the use of so called “Cookiewalls”, deeming such practice as unlawful in light of the GDPR and announcing intensified audits in regards to the right implementation of cookies in the coming period.[2] European regulation of Cookies The first regulation of cookies at […]
Give me all your data: US CLOUD Act & Australian “Decryption” Bill vs. the GDPR
Nowadays crimes are more and more committed or at least facilitated by a smartphone or other computing device. That is why digital evidence in form of data is essential in almost all criminal investigations.[1] But that does not mean that the collection of such evidence is straightforward and effortless. Law enforcement authorities (LEAs) face, among […]