In December 2018, the office of the New York Attorney-General issued the largest ever US penalty for the violation of the Children’s Online Privacy Protection Act (COPPA), to Oath Inc, the Verizon-owned company formerly known as AOL. In addition to the penalty amount of 4.95 Million USD, Oath Inc, agreed to adopt extensive COPPA compliant […]
GDPR
Give me all your data: US CLOUD Act & Australian “Decryption” Bill vs. the GDPR
Nowadays crimes are more and more committed or at least facilitated by a smartphone or other computing device. That is why digital evidence in form of data is essential in almost all criminal investigations.[1] But that does not mean that the collection of such evidence is straightforward and effortless. Law enforcement authorities (LEAs) face, among […]
España: Aprobada la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales.
Con un apoyo parlamentario del 93% la nueva Ley entrará en vigor al día siguiente de su publicación en el Boletín Oficial del Estado. La nueva Ley adapta el derecho español al Reglamento General de Protección de Datos (RGPD) e introduce novedades mediante el desarrollo de materias contenidas en tal reglamento. Las más importantes de […]
Spain: The Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights has been approved.
With 93% parliamentary support, the new Law will enter into force the day after its publication in the Official State Gazette (Boletín Oficial del Estado BOE). The new Law adapts Spanish law to the General Data Protection Regulation (GDPR) and introduces novelties through the development of certain matters contained in the GDPR. The following are […]
Portuguese Data Protection Authority Imposes 400,000 € Fine on Hospital
The Barreiro Hospital in Portugal was fined 400,000 € by the Portuguese Data Protection Authority CNPD (Comissão Nacional de Proteção de Dados) for incompliancy with the EU General Data Protection Regulation (GDPR) by not separating access rights to patents’ clinical data. The public sector hospital had granted access to patients’ clinical data via their system […]
España: El Pleno del Congreso de los Diputados convalida el Real Decreto-Ley para adaptar el Derecho español a la normativa de la Unión Europea en materia de protección de datos.
El Pleno del Congreso de los Diputados ha convalidado el “Real Decreto-ley 5/2018, de 27 de julio, de medidas urgentes para la adaptación del Derecho español a la normativa de la Unión Europea en materia de protección de datos”. La adaptación del marco normativo interno al Reglamento General de Protección de Datos europeo fue tratada […]
Change is Coming in Ireland: Implementing the GDPR
With the General Data Protection Regulation (GDPR) less than a year away from implementation, Ireland’s Data Protection Commission could quickly become one of the busiest in Europe. New rules dictating that multinationals can treat any supervisory authority as their single regulating body may lead to Google, Amazon, Facebook, Twitter, LinkedIn, Microsoft, and many more tech […]
Legislative procedure ongoing: The Council of European Union and its version of the planned ePrivacy Regulation.
Background The European Commission, in April 2016, launched a public consultation in order to gather opinions of different stakeholders in regard to the future of Directive 2002/58/EC (ePrivacy Directive). The ePrivacy Directive concerns the processing of personal data and the protection of privacy in the electronic communications sector. Almost a year later and after the publication of […]
Japan on Its Way to Data Protection Adequacy?
Data transfers to countries outside the European Economic Area are only legal if –in addition to the requirement of a legal basis or the data subject’s consent– an adequate level of data protection in that country can be guaranteed. One way this can be achieved is an Adequacy Decision of the European Commission. The Commission […]
Data Protection in the era of Brexit
One of the most controversial matters to be addressed within the context of Brexit, has created uncertainty in the data protection realm. Although United Kingdom is leaving the European Union, there seems to be a general consensus to maintain constant data flows between the UK and the EU. On August 24 2017, the UK government […]
The Data Protection Officer in Europe
The EU Regulation 2016/679 on the protection of personal data (GDPR) repealing Directive 95/46/EC focusses, among the others, on a particular topic that will be governed by new specific and more consistent rules: the Data Protection Officer (DPO). This figure is already well known to European companies and institutions, but the GDPR finally clarifies and […]