On June 30, last, the District Court of Amsterdam (Rechtbank Amsterdam) provided its ruling on the preliminary issues submitted by Facebook Inc. in the case submitted by the Data Privacy Stichting (on behalf of Facebook users) with the support of the Dutch Consumers Association. The case was brought in order to sanction the alleged violations […]
Another sword in the battleground against the UK’s hope to seek adequacy decision
Court of Appeal of the United Kingdom holds the ‘immigration exemption’ under the Data Protection Act 2018 as unlawful On May 26, 2021, the Court of Appeal of the United Kingdom handed down its judgment in the case of R (Open Rights Group and the3million) v Secretary of State for the Home Department and Others  EWCA Civ […]
The Information Officer and Deputy Information Officer in South African Data Protection Law
The 1st of July 2021 the Protection of Personal Information Act 4 of 2013 (POPIA) will come completely into force; therefore, companies and multinationals located within South Africa shall be liable for becoming POPIA compliant. This regulation, along with the Promotion of Access to Information Act 2 of 2000 (PAIA) comprise the main data protection […]
Portuguese Data Protection Authority Orders Suspension of Data Transfer to USA
The Portuguese Data Protection Commission (Comissão Nacional de Proteção de Dados – CNPD) has ordered the Portuguese office of national statistics (Instituto Nacional de Estatística – INE) to suspend within 12 hours the transfer of personal data from the Census 2021 survey to the USA or other so-called third countries without an adequate level of […]
Delay in reporting a data breach caused a fine of over €400,000 to Booking.com.
The Dutch Data Protection Authority has recently issued a fine of €475,000 to the online touristic operator Booking.com for having notified a data breach to the DPA with a sensible delay. The data breach The staff of about 40 Hotels located in the United Arab Emirates were cheated by a telephone scam and convinced to […]
Common trend in the health-industry?
Fine of 440.000 EUR imposed by Autoriteitspersoonsgegevens on Dutch Hospital. Back in the lovely Spring of 2019, the Autoriteitspersoongegevens (‘AP’) started investigations against the Onze Lieve Vrouwen Gasthuis (‘OLVG’). The OLVG is an educational hospital that has two locations in Amsterdam and holds more than 550.000 patients on an annual basis. After the AP got […]
German Court Calls Alexa to the Stand
The Regensburg (Bavaria) Regional Court has sentenced a man to 10 years in prison for manslaughter based on evidence from voice recordings of an Alexa smart speaker. The Case The court found the perpetrator –reportedly a notorious stalker– guilty of manslaughter, as, to the persuasion of the court, the man had killed his ex-girlfriend by […]
Massive leak of personal data at scraping company SocialArk
Over 300 million social account records, originating from several platforms including Facebook, Instagram and LinkedIn, were recently exposed through a massive data leak from the cloud of SocialArks. More than 400GB of public and private account data of about 214 million social media users across the world have been affected by this massive data leak. […]
The NHSX is recommending companies collaborating with NHS organisations to enter into a controller-to-controller Data Sharing Agreement
As of July 2019, the National Health Service in the Great Britain has founded the NHSX by combining teams from the UK Department of Health and Social Care, NHS England and the NHS Improvement. The NHSX is a digital health and social care transformation program designed to improve the UK’s long-term plans with regard to […]
Romania: the Romanian Data Processing Supervisor sanctions ING for violating articles 5 and 6 GDPR.
On December 30, last, the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), has issued a sanction in the amount of approximately EUR. 3.000, as it found that the bank continued to process the data of a subject (a former customer), well beyond the termination of the business relation with him and therefore after […]
Switzerland adopts revised data protection law
The protection of personal data is becoming more and more relevant. This is a result of the rapid advancement of communication and sales channels as well as the increasing capacities of companies to collect personal data. The Swiss Parliament seemingly acknowledged this too when it recently announced that it adopted the revised version of the […]
Need-to-know? Health care providers under scrutiny by Swedish Authority
The Swedish Data Protection Authority took a closer look at eight health care providers in Sweden. Special attention was paid to technical and organizational measures of their systems processing electronic health records. Access to personal data in general should be not only regulated in regards to external providers but also internal personnel. The often referenced […]
Deletion of personal data – FAQ‘s
A perennial topic among the data protection issues is the deletion of personal data. We regularly receive inquiries on this topic. In the following, we would like to answer some of the most frequently asked questions. When do I have to delete personal data? There are no rigid retention periods in the GDPR, but the […]
News on data protection law
Dear Readers, This is to update you on the latest news and developments in matters of data protection law. If you would like to be provided with more details, you may contact us via the commentary function. We will also link to our blog posts if we have already reported on this topic. What has […]
Who is the controller for data processing and who is the processor?
An attempt at delimitation by the European Data Protection Board On 2 September 2020, the European Data Protection Board (EDPB) adopted a first version of a guideline on the concepts of data controller and processor in the GDPR, which we would like to briefly present here. The guidelines are currently only available in English. The […]