In today’s digital landscape, email marketing remains one of the most effective tools for businesses to connect with clients and partners. However, ensuring compliance with local data protection and anti-spam laws is essential to avoid legal complications. For businesses operating in or communicating with recipients in Canada, the Canada’s Anti-Spam Legislation (CASL) and other data […]
Internationaler Datenschutz
Internationaler_Datenschutz
A Trip to Canada’s Data Protection Landscape
As we are entering into autumn, most people are traveling the world again. Some prefer a few quiet weeks at the beach, while others are seeking adventures climbing mountains and jumping off cliffs. Nerds like me however, like to discover the curiously wild landscape of Canada’s data protection laws. It keeps us lawyers constantly on […]
Data Protection Officer (DPO) in Singapore – obligations, role and responsibilities
The Personal Data Protection Act (PDPA) of Singapore mandates organizations to safeguard the personal data they collect, use, or disclose. A key aspect of this responsibility is appointing a Data Protection Officer (DPO) or a team to ensure compliance with the PDPA. Appointing a DPO – requirements and obligations As part of the Accountability Obligation, […]
Unlawful use of facial recognition technology (FRT) at a school in Essex
The UK’s supervisory authority, the Information Commissioner’s Office (ICO), announced on 23 July 2024 that it had issued a warning to a school in Essex for the unlawful use of facial recognition technology – a violation of Art. 58 para. 2 lit. b UK GDPR. What happened? In March 2023, the school began using facial […]
Unrechtmäßiger Einsatz von Gesichtserkennungstechnologien an Schule in Essex
Die englische Aufsichtsbehörde, Information Commissioner´s Office (ICO), hat am 23. Juli 2024 mitgeteilt, eine Verwarnung gegen eine Schule in Essex wegen des unrechtsmäßigen Verwendens von Gesichtserkennungstechnologie ausgesprochen zu haben – ein Verstoß gegen Art. 58 Abs.2 lit. b UK GDPR. Was war passiert? Die Schule hatte im März 2023 begonnen, Gesichtserkennungstechnologien in der Kantine der […]
Case Analysis: A Landmark Cross-Border Data Transfer Dispute in China
In a significant ruling that underscores the growing emphasis on personal data protection in China, the Guangzhou Internet Court recently concluded a case involving cross-border data transfer violations under the Personal Information Protection Law of the People’s Republic of China (PIPL). The case, titled (2022) Yue 0192 Min Chu 6486, saw Mr. Z, a Chinese […]
290 Millionen Euro Strafe für Uber wegen unerlaubter Datenübermittlung in die USA
Die niederländische Datenschutzbehörde Autoriteit Persoonsgegevens (AP) hat gegen den Fahrdienstvermittler Uber eine Geldstrafe von 290 Millionen Euro verhängt (Pressemitteilung hier). Grund dafür ist die unerlaubte Übermittlung personenbezogener Daten europäischer Uber-Fahrer in die Vereinigten Staaten ohne ausreichenden Schutz, was einen schweren Verstoß gegen die Datenschutz-Grundverordnung (DSGVO) darstellt. Uber hat die Verstöße inzwischen eingestellt, kündigte jedoch an, […]
Erleichterung für Schweiz-US-Datentransfers: Neues Abkommen löst langjährige Datenschutzprobleme
Ab dem 15. September 2024 wird der Transfer personenbezogener Daten von der Schweiz in die USA deutlich einfacher. Grund dafür ist ein neues Rahmenabkommen, das kürzlich vom Schweizerischen Bundesrat genehmigt wurde. Mit dieser Entscheidung können Datentransfers nun auf einer Angemessenheitsentscheidung basieren, wodurch der bisherige Aufwand mit den Standardvertragsklauseln (SCCs) entfällt. Bislang mussten Schweizer Unternehmen einen […]
Swiss-U.S. Data Transfers: New Framework solves Privacy Hassles, finally!
Starting September 15, 2024, transferring personal data from Switzerland to the United States will become significantly easier, thanks to a new framework approved by the Swiss Federal Council. This marks a significant shift, allowing these data transfers to rely on an adequacy decision rather than the more complex Standard Contractual Clauses (SCCs). Until this decision, […]
Why Canada is facing more Cyberattacks than ever
Ignorance is bliss, they say, but this is definitely not true when it comes to data protection and data security. Our daily lives revolve more and more around the online world (home office with video conferences, online banking, social media and the list goes on). This, most certainly, comes with a lot of amenities. However, […]
AI and HR – Navigating legal obligations in Europe
Artificial Intelligence (AI) is reshaping HR and recruitment practices worldwide, promising enhanced efficiency and precision. While the adoption of AI in HR is not groundbreaking news, as many large companies have relied on similar solutions for years, its undeniable benefits continue to drive organizations of all sizes towards embracing AI-powered tools. Technologies like resume screening […]
How to protect data from web scraping? Guidelines from The Italian DPA
The Italian Data Protection Authority (Garante per la protezione dei dati personali, or short Garante) has released in May 2024 guidelines aimed to protect personal data published online by public and private entities (in a role of data controller) from web scraping performed by third parties. While the purposes to perform data scraping or web […]
Retention of Metadata – legal and business impacts of the Italian DPA guideline – UPDATED
A few months ago, we delved into a new decision of the Italian data protection authority (Garante) on this blog, which recommended that employers set retention periods for their employees‘ email metadata not exceeding 7 days. This guideline created some confusion, leading the Garante to suspend its applicability and open it up for public consultation […]
Current legislation shaping Europe’s Digital Decade
In recent years, Europe has made decisive efforts to lead companies and people into the digital future. These efforts are ongoing and are leading to a dynamic process at legislative level with a flood of new legislation. This article provides an overview of several significant new pieces of legislation introduced by the EU as part […]
Italian Data Protection Authority imposed the highest fine so far on electricity provider
Telemarketing activities and aggressive practices against the consumers are again in the spotlight of the Italian Data Protection Authority (Garante), that imposed the highest fine ever on the Italian electricity provider Enel Energia. It is unfortunately very common that Italian consumers are harassed by unwanted telephone calls from marketing agencies proposing contracts for different services […]