The Personal Information Protection Law and the Network Data Security Management Regulation, among other laws and regulations, stipulate the methods for transferring personal information overseas, including: a data transfer security assessment, a standard contract, and certification. Additionally, other conditions may permit the personal information overseas transfer. Recently, the Cyberspace Administration of China (“CAC”) released the […]
Internationaler Datenschutz
Internationaler_Datenschutz
Benelux Authorities Tighten Scrutiny on DPO Appointments
Authorities in Belgium, the Netherlands, and Luxembourg are paying closer attention to how organizations appoint their Data Protection Officers (DPOs). They are especially focused on making sure DPOs can work independently, without a conflict of interest and have enough resources to do their job properly. In the Netherlands, the Dutch Authority for Personal Data (AP) […]
EDPB Issues Opinion on Personal Data Processing by AI Models
As artificial intelligence (AI) increasingly integrates into daily life, its influence on privacy continues to grow. Developing AI models often involves processing vast amounts of data, and such models are now widely involved in numerous processing activities. This trend has raised concerns about privacy, transparency, and fairness. In response to these challenges, the European Data […]
Liability: Responsibility for Processing Personal Data
New Years Eve is a time when we all tend to look back on the past year and revel in achievements and berate ourselves for mistakes made or goals not yet achieved. I also find that this is a time when I start to regret some of the holiday gifts I purchased. Things I thought […]
BeReal – Too Real to Accept a No?
The French social media app BeReal promises its audience a daily dose of real life. Users are encouraged to “BeReal” by sharing daily selfies with their followers. To that end, every day at a random time, users receive a notification inviting them to „BeReal“ and take and post a photo of themselves within the next […]
Chile Aprueba Nueva Ley de Protección de Datos
La nueva ley de protección de datos personales, Ley 21.719 se publicó hoy, 13 de diciembre de 2024 en el diario oficial de la República de Chile. La nueva ley entrará en vigor 24 meses después de su publicación esto es, en Diciembre de 2026. De acuerdo con el portal de internet del gobierno de […]
Copyright Lawsuit Against OpenAI in India
Indian news agency ANI has filed a lawsuit against OpenAI, accusing the company of using copyrighted material without authorization. ANI joins a growing group of publishers worldwide challenging OpenAI and other AI developers over similar practices. The lawsuit, filed in the Delhi High Court, centers on OpenAI’s use of publicly available content for training its […]
The Icelandic DPA Upholds Legitimate Interest of Cross-Checking Caller Information and Follow-Up Surveys
In a recent decision, the Icelandic Data Protection Authority (DPA), Persónuvernd, upheld the legitimate interest of companies sending customer satisfaction surveys and cross-referencing caller information. The case involved the insurance company VÍS and one of its customers and addressed whether a data controller could lawfully cross-check a (anonymous) caller’s phone number with its customer database […]
Understanding China’s Network Data Security Management Regulation: Key Comparisons with GDPR and PIPL
After years of development, People’s Republic of China (“China”) has established a data security legal framework centered on the “Cybersecurity Law”, “Data Security Law”, and “Personal Information Protection Law” (PIPL). The issuance of the “Network Data Security Management Regulation” (“the Regulation”) by the State Council coordinates the implementation of the data security management requirements stipulated […]
Biometric Data and GDPR Compliance – a Case Analysis
The growing use of biometric systems in workplaces has brought new challenges for data protection, especially with the General Data Protection Regulation (GDPR) in Europe. A recent case in Belgium highlights these issues after a company introduced a fingerprint-based time-tracking system without properly adhering to GDPR rules. Facts In 2020, a Belgian company began using […]
The landscape of online proctoring and the intersection of GDPR and US laws
With the rise of remote learning, online proctoring – used to ensure academic integrity during virtual exams – has become widely adopted by schools and universities across the U.S. These tools use methods like identity verification, video and audio monitoring, eye-tracking, and even AI-based behavioral analysis. As this technology proliferates, concerns about how such software […]
Navigating Employee Email Privacy: Lessons from a recent Fine by Italy’s DPA
The Italian Data Protection Authority (Garante) recently imposed a significant fine of 80,000 euros on a company, for mishandling a sales agent’s email data, highlighting once again the challenges and complexities of managing employee data, in particular when access to employees’ emails is required. The issue arose when the company used a backup of the […]
Online Proctoring and Data Protection in Germany and France
Online proctoring refers to the use of digital tools and technologies to remotely monitor students during online exams. This technology typically involves video and audio recording capabilities such as screen and web traffic recording, room recording, periodic desk scans and sometimes methods such as biometric recognition to reduce the potential for academic dishonesty and maintain […]
Fines remain discretionary
Does anyone remember 12 September 2019? The GDPR was still new, but the initial excitement had died down and the first practical experiences with the new law had crystallised. Much was unclear, but some things were slowly becoming clearer. On 12 September, around 200 data protection lawyers met in Bremen, Germany for the 20th Autumn […]
UK Data Protection Commissioner (ICO) launched a Data Protection Audit Framework
The ICO has recently issued an instrument to support organisations in verifying data protection compliance. The online audit toolkits can be used to conduct both consensual and compulsory audits. The toolkits are designed for organization personnel having familiarity with data protection compliance or data protection professionals (for example: senior management, the data protection officer, internal […]