The Flemish Authorities initially considered the specific encryption tools as a valid supplementary measure in addition to the European Standard contractual clauses (SCCs). The measure was applied by a European branch of a US company using AWS cloud. The decision was confirmed by the Belgian Council of State upon a formal complaint of a third […]
pb-international
China passed new data protection law
China issued its comprehensive data protection law, the Personal Information Protection Law (“PIPL”), on August 20, 2021. The PIPL will come into effect on November 1, 2021. This marks a new era in China’s data protection development. Before the PIPL, the main legislations regulating data processing activities in China are the Cybersecurity Law, the Data […]
Privacy Shield 2.0?
Since the CJEU declared the Privacy Shield agreement invalid with its Schrems II ruling, the EU and the USA have been working on a replacement agreement. This is intended to enable companies to transfer data between EU countries and the USA., thereby creating a legal mechanism for data transfers. This would then be the third […]
Sprachaktives Wearable – ist der Seeker von Amazon ein tolles neues Gadget oder ein Datenschutz-Graus
Schon in der Vergangenheit sind die Alexa Produkte von Amazon bei Datenschützern auf Kritik gestoßen. Wir berichteten hier. Nun sind neue tragbare Alexa-Geräte, diesmal für Kinder, in der Entwicklung. Amazon entwickelt anscheinend unter dem Namen „Seeker“ ein sprachaktivierbares Wearable, durch das Eltern mit ihren Kindern kommunizieren, sie über eine GPS-Funktion beobachten können und den Kindern […]
District Court of Amsterdam: the first step towards the end of the One-Stop-Shop ‘impasse’?
On June 30, last, the District Court of Amsterdam (Rechtbank Amsterdam) provided its ruling on the preliminary issues submitted by Facebook Inc. in the case submitted by the Data Privacy Stichting (on behalf of Facebook users) with the support of the Dutch Consumers Association. The case was brought in order to sanction the alleged violations […]
The Information Officer and Deputy Information Officer in South African Data Protection Law
The 1st of July 2021 the Protection of Personal Information Act 4 of 2013 (POPIA) will come completely into force; therefore, companies and multinationals located within South Africa shall be liable for becoming POPIA compliant. This regulation, along with the Promotion of Access to Information Act 2 of 2000 (PAIA) comprise the main data protection […]
Portuguese Data Protection Authority Orders Suspension of Data Transfer to USA
The Portuguese Data Protection Commission (Comissão Nacional de Proteção de Dados – CNPD) has ordered the Portuguese office of national statistics (Instituto Nacional de Estatística – INE) to suspend within 12 hours the transfer of personal data from the Census 2021 survey to the USA or other so-called third countries without an adequate level of […]
Delay in reporting a data breach caused a fine of over €400,000 to Booking.com.
The Dutch Data Protection Authority has recently issued a fine of €475,000 to the online touristic operator Booking.com for having notified a data breach to the DPA with a sensible delay. The data breach The staff of about 40 Hotels located in the United Arab Emirates were cheated by a telephone scam and convinced to […]
German Court Calls Alexa to the Stand
The Regensburg (Bavaria) Regional Court has sentenced a man to 10 years in prison for manslaughter based on evidence from voice recordings of an Alexa smart speaker. The Case The court found the perpetrator –reportedly a notorious stalker– guilty of manslaughter, as, to the persuasion of the court, the man had killed his ex-girlfriend by […]
Switzerland adopts revised data protection law
The protection of personal data is becoming more and more relevant. This is a result of the rapid advancement of communication and sales channels as well as the increasing capacities of companies to collect personal data. The Swiss Parliament seemingly acknowledged this too when it recently announced that it adopted the revised version of the […]
Need-to-know? Health care providers under scrutiny by Swedish Authority
The Swedish Data Protection Authority took a closer look at eight health care providers in Sweden. Special attention was paid to technical and organizational measures of their systems processing electronic health records. Access to personal data in general should be not only regulated in regards to external providers but also internal personnel. The often referenced […]
Conseil de’etat ruling on the Data Health Hub: The start of Schrems III or rather a turning point?
The derogation to the restriction to transfer data to the USA on the basis of the Covid-19 pandemic. Introduction On 23 October 2020 the Conseil d’etat, a French public institution with the primary role of giving administrative judicial rulings, (‘the Conseil’) ruled on the issue whether the use of Microsoft to host the Health Data […]
News on data protection law
Dear Readers, This is to update you on the latest news and developments in matters of data protection law. If you would like to be provided with more details, you may contact us via the commentary function. We will also link to our blog posts if we have already reported on this topic. What has […]
Tesla – Auto der Zukunft
Allein im 1. Halbjahr 2020 wurden in Europa 33.164 Tesla Fahrzeuge neu zugelassen. Zahlreiche Vorteile werden dem Kauf eines Tesla Autos zugeschrieben, bspw. das autonome Fahren, selbstständiges Einparken oder eine stetige Wertsteigerung durch regelmäßige Software Updates. Solche Features basieren auf zahlreichen Datenverarbeitungsprozessen, welche, zumindest in Europa, an der europäischen Datenschutzgrundverordnung (DSGVO) zu messen sind. Tesla […]
Who is the controller for data processing and who is the processor?
An attempt at delimitation by the European Data Protection Board On 2 September 2020, the European Data Protection Board (EDPB) adopted a first version of a guideline on the concepts of data controller and processor in the GDPR, which we would like to briefly present here. The guidelines are currently only available in English. The […]