With 93% parliamentary support, the new Law will enter into force the day after its publication in the Official State Gazette (Boletín Oficial del Estado BOE). The new Law adapts Spanish law to the General Data Protection Regulation (GDPR) and introduces novelties through the development of certain matters contained in the GDPR. The following are […]
English Posts
Portuguese Data Protection Authority Imposes 400,000 € Fine on Hospital
The Barreiro Hospital in Portugal was fined 400,000 € by the Portuguese Data Protection Authority CNPD (Comissão Nacional de Proteção de Dados) for incompliancy with the EU General Data Protection Regulation (GDPR) by not separating access rights to patents’ clinical data. The public sector hospital had granted access to patients’ clinical data via their system […]
GDPR-Complaint against the “online behavioral advertising” industry
“Advertising is expensive, no advertising is even more expensive.” (Paolo Bulgari, Businessman and Designer of jewelry). According to this principle, programmatic buying and providing of advertising according to your behavior on the Internet, is becoming more and more important. Google also uses this concept of so- called “Programmatic Advertising” for its product campaigns. The private […]
Online Training Data Protection
Trainings and awareness measures are not only an important step in the implementation of data protection requirements, but, especially for larger organizations, oftentimes a particular challenge. We would like to offer you a guideline in the format of a 15-minute online training. What exactly is it about? In order to meet the statutory training requirement, […]
The UK DPA imposes a fine to an online leading mother and baby club
At the beginning of August 2018, the UK Information Commissioner (ICO) issued a fine of £ 140.000 To “Lifecycle Marketing (Mother and Baby) ” Ltd or “LCMB”, also known as “Emma´s Diary” for the illegal collection and sale of personal data of more that 1 million people to a marketing company hired by a political […]
Italy integrates GDPR in national privacy legislation
The Italian Council of Ministers has on 8th August 2018 approved a decree which integrates GDPR into Italian Privacy law. The Decree will have to be published to the Italian Official Gazette to come into force. The GDPR will overwrite part of the Italian Privacy Code (decreto legislativo n. 196/2003), it reformulates the duties and […]
Facebook’s response to the ECJ decision on Fanpages. Is this decision being adequately implemented?
As result of the latest European Court of Justice decision regarding the administration of Facebook fanpages, Facebook has recently published an Agreement for data processing activities that aims to comply with the said ruling.(Available here). This article contains an analysis from a data protection law perspective that will determine if the solution implemented by Facebook […]
“US must comply with the EU-US Privacy Shield”
According to the 12 June 2018 European Parliament press release, the Civil Liberties Committee (LIBE Committee) has called on the European Commission to suspend the EU-U.S. Privacy Shield on the grounds that it fails to provide sufficient data protection for EU Citizens. In the press release, the MEPs stated that data transfers between the EU […]
Are companies ready to deal with a high level of scrutiny? – Lessons learned from the Morrisons Case
The purpose of this article is to summarize the lessons that a company can learn from the Morrisons Case with regard to the level of protection that can be considered as “sufficient” and “adequate” for the protection of the personal data of their employees. [1] In our daily practice, our clients are more often than […]
Privacy Impact Assessments: A software tool by the French DPA
The French Data Protection Authority, Commission Nationale Informatique et Liberte (CNIL), released a tool to support data controllers to be compliant with the upcoming General Data Protection Regulation (GDPR). The tool is aimed at automating the obligatory assessments of risk posed by data protection activities to the rights and freedoms of data subjects according to […]
Change is Coming in Ireland: Implementing the GDPR
With the General Data Protection Regulation (GDPR) less than a year away from implementation, Ireland’s Data Protection Commission could quickly become one of the busiest in Europe. New rules dictating that multinationals can treat any supervisory authority as their single regulating body may lead to Google, Amazon, Facebook, Twitter, LinkedIn, Microsoft, and many more tech […]
The obligatory sharing of clinical trial data in the European Union
The European Union aims at entering a new era of clinical trials by enforcing the steps towards personalized medicine. Instead of searching for the best therapy to treat a certain diagnosis, they are moving towards pursuing the best suitable individual therapy. To meet this approach, Big Data technologies have developed new therapies and potential positive […]
New fine to Facebook from the Spanish Data protection Authority
The Spanish Data Protection Authority (AEPD) has condemned Facebook Inc. to the payment of a sanction of 1,200,000 Euros for the existence of two serious and one very serious infringements of Data Protection Law. According to the Agency, Facebook treats personal data for advertising purposes without express consent of the data subjects and does not […]
Privacy at risk: Monitoring of employees and the use of (new) technologies at work
The monitoring of employees at work, or more generally the processing of data in the employment context, is a topic that has been debated for as long as the Data Protection Directive (Dir 95/46/EC – DPD) has been around. Nonetheless, due to the emergence of new technologies and changing work polices, the topic is red […]
Japan on Its Way to Data Protection Adequacy?
Data transfers to countries outside the European Economic Area are only legal if –in addition to the requirement of a legal basis or the data subject’s consent– an adequate level of data protection in that country can be guaranteed. One way this can be achieved is an Adequacy Decision of the European Commission. The Commission […]