The COVID-19 pandemic and the measures to combat the spread of the virus are having a severe impact in a number of countries,...

This article answers many freuqently asked questions concerning data protection in turkey during times of Covid-19. ...

One of the possible solutions for processing personal data based on a legitimate interest of companies.

The Italian Data protection Authority (Italian DPA) issued two fines against Tim and Eni Gas e Luce, for a total amount of almost 36...

After many data protection authorities (in the European Union and beyond) provided guidance and FAQ's on the relationship between...

The re-use of Public Sector information has to be built on a balanced approach where the public interests of such use have to be...

The difficulty of drawing a hard-and-fast line between the right to privacy and the rights of other people to stay healthy ...

An administrative Fine of 82,000 EURO was imposed by the Cyprus Data Protection Authority concerning the lack of legal basis of...

The Dutch DPA imposed a fine of 525,000 euros for the unlawful sale of personal data by the Dutch national tennis association the...

This article presents interesting decisions on Austrian data protection law, which deal in particular with the admissibility of...

In order to guarantee protection of people who report breaches, I.E. Whistleblowers, employers will soon be obliged to create a clear...

While the GDPR deals extensively with the rights and claims of data subjects, it mainly leaves the provisions for the assertion of...

On the European Data Protection Day 2020 (i.e. on 28 January 2020), the Romanian DPA published (in Romanian and English languages) a...

The topic discussed here is the difference between personal data protection before the GDPR entered into effect and the current data...

2019 was a year of major developments for privacy and data protection in Ireland and abroad. According to Ireland, the year 2020 will...

Since the implementation of the GDPR, cloud players have been forced to both rethink their tools and review their contracts. ...

In Turkey, the Personal Data Protection Law No. 6698 (the "Law") requires data controllers to take all necessary technical and...

The end of the year is usually the time for reflections. Although the first year of GDPR officially ended at the end of May 2019, now...

The Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as “Office”) pursuant to the provisions of §...

Article 32 of the GDPR on the security of processing has been one of the main focus areas of the Danish Data Protection Agency (the...

The Belgian electronic identity card system has been in vogue for a number of years now as a reliable means for electronic...

The Berlin Data Protection Authority has imposed an administrative fine against a Berlin real estate company for 14,5 Million euros...

On 16 October 2019, the German Data Protection Authorities (DPAs) published their concept of how to determine administrative fines. ...

More than a year has passed since the General Data Protection Regulation (hereinafter “GDPR”) has been applicable in all EU member...

Data, and not FIAT or digital currency, is the real currency that measures the worth of a gambling operation, and the single common...

On November 24, 2019 the Israeli Privacy Protection Authority (the “IPPA”) announced that it had hosted an inter-sectoral roundtable...

On 20 November 2019, the European Data Protection Board (EDPB) issued a draft of Guidelines on Data Protection by Design and by...

The preparatory work for the reform of the Monegasque data protection law (Act No. 1.165 of 23 December 1993, consolidated), carried...

Earlier in 2019 the Bulgarian data protection supervisory authority – the Bulgarian Commission for Personal Data Protection (“CPDP”)-...

Use of video recording of screens, coupled with recordings of telephone conversations in a professional setting, may be proportionate...

Law on Protection of Personal Data numbered 6698 provides under the article titled “Data Security Liabilities” that, data controllers...

In August 2019, Serbia started applying new Law on Personal Data Protection. Many challenges were expected before initiation of the...

In its recent judgment in the “Planet49 case”, the Court of Justice of the European Union (“CJEU”) held that consent for cookies...

Following a fast track procedure, the Greek Parliament adopted Law 4624/2019, which frames the provisions of the GDPR in Greece and...

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, was passed...

The California Consumer Privacy Act (CCPA), which takes effect in 2020, has been dubbed “GDPR-Lite” or “California GDPR” because it...

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, will take...

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, was passed...

This article presents the third out of three interesting decisions on Austrian data protection law, in particular dealing with...

When users browse through the internet, cookies perform multi-faceted functions for the benefit of both the webmasters and users...

This article presents the second out of three interesting decisions on Austrian data protection law, in particular dealing with...

For the first time, the Italian Data Protection Authority has exercised its power of "warning" provided by the GDPR, through which it...

This article presents the first out of three interesting decisions on Austrian data protection law, in particular dealing with...

The AEPD published in July 2019 a model report to help Public Administrations carry out im-pact assessments on data protection. ...

The Greek HDPA (Hellenic Data Protection Authority) imposed a fine of € 150.000,- on PWC Greece.

Over 2 years, GDPR and personal data protection has been discussed across the EU. Vast majority of companies, public authorities and...

This first fine under the GDPR is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records...

Slovenian courts have in place a system for audio recording of court hearings. The data recorded (which in itself constitute personal...

First, I would like to thank the members and the entire EuroCloud organization for letting me join their ranks. I sincerely thank...

Each Spring, the Estonian Data Protection Inspectorate (DPI) publishes its Annual, summarising its main activities of the previous...

To mark the occasion of GDPR's first anniversary, findings and statistics tracked from May 2018 to May 2019 concerning awareness,...

On the 14th of June 2019 (one year later than expected) Portugal has finally approved Draft Law no. 120/XIII/3.ª (GOV), implementing...

Until recently, most IT contracts, even the large-scale ones, were generally based on a simple purchase order and sometimes a...

We've introduced a new Area focused on GDPR and several enhancements to existing controls as part of this major update. ...

Last week the European Commission published guidance on the free flow of non-personal data, focussing on the interaction of the FFD...

Earlier in 2019 Bulgaria has become another European Union member to adopt the EU’s privacy regime. The Bulgarian Personal Data...

The Danish Data Protection Agency has reported the taxi company, Taxi 4x35, to the police and recommended the company for a fine of...

At the end of November 2018, the new Law on Personal Data Protection (Law) came into force but its application was postponed for nine...

The Belgian tax authorities maintain an online repository called FisconetPlus, on which tax payers can find key information and...

Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of...

In May 2018, the Israeli Protection Of Privacy Regulations (Data Security 2017) (the “Regulations”) came into effect. The...

Under Article 35 of the GDPR, the national Data Processing Authority (DPA) shall establish and make public a list of processing...

The aim of this article is to focus on three important legal opinions published by the Italian Data Protection Authority on the...

On the basis of the guidelines of the article 29 working party of what now is the EDPB (European Data Protection Board) and the...

The Spanish DPA published a recent report on the processing by political parties of personal data related to political opinions. ...

Since the 2016 referendum whereby voters expressed their wish for the United Kingdom (the “UK”) to leave the European Union (the...

In the light of the GDPR, on March 6, 2019, Slovenia’s Ministry of Justice published <a...

Where does the role of the data protection authority (DPA) end and where the court takes priority? The relevant legal provisions are...

This article presents three interesting decisions on Austrian data protection law, in particular dealing with an unlawful video...

General Data Protection Regulation (GDPR) brought (for the Czech legal environment completely new) legal construct of joint...

EuroCloud Europe publishes a new whitepaper in partnership with RedHat and Accenture, tracing the drivers of change across the...

In the case of a service provider that is not contracted by a controller to process personal data on its behalf but may gain custody...

The EDPB (European Data Protection Board) assessed in its January 22, 2019 report once again whether the safeguards provided under...

French data protection authority CNIL has slapped a €50 million ($57 million) on Google for failing to meet requirements under the...

EuroCloud Europe will establish a European database of case-studies describing sector specific joint-controllership relations, as...

EuroCloud Europe will undertake to create a European database of data-breach-related DPA decisions and court judgments. ...

According to the Oberlandesgericht Hamburg (Higher Regional Court Hamburg) violations of data protection rules can also mean a...

In the last six months, the EU Court of Justice has provided its views on the roles of different parties processing personal data on...

The year 2018 was for Monaco a preparatory year for the forthcoming adaptation of Act No. 1.165 on the protection of personal data,...

Government agencies and public organisations have the obligation to appoint a DPA, regardless the type of data they process. ...

During 2018, the Not-for-Profit International Network CPC set up some study groups with the aim to analyze and compare the Member...

The EuroCloud Awards recognize the best digital services from Europe and around the world based on their underlying cloud computing...

In August 2018, the Supreme Court of the Republic of Slovenia upheld the judgements of the lower courts finding the publisher and the...

The Greek Parliament recently enacted Law 4577/2018, the purpose of which is to transpose Directive (EU) 2016/1148 on security of...

Uber US and Uber Netherlands were considered to be joint controllers which made them both separately liable for claims of customers...

Vienna, 24 Nov 2018: This year, lawyers from 13 countries attended the event in Vienna and approved a comprehensive list of...

Paragraph 6, Article 38 of the General Data Protection Regulation (GDPR) allows the Data Protection Officer (DPO) to fulfil other...

The Agencia Española de Protección de Datos ( AEPD) presented guidelines regarding the management and notification of security...

Privacy issues in mergers and acquisitions take the attention of transaction parties among other things in these days. ...

With Legislative Decree n. 101/2018 the Italian legislator has finally taken the last necessary step in order to coordinate the local...

As the legal representatives of the Slovak Anti-doping Agency (hereinafter referred to as “SADA”), we have taken part in several...

The CNPD (Portuguese Data Protection National Commission), as the Portuguese supervisory authority, has approved Regulation nr....

In-vehicle emergency call (eCall) systems, which have been in use for a long time, are defined as systems within vehicles being...

Since the application of the GDPR, the days of the EU-U.S. Privacy Shield may be numbered and parties to an IT contract must be on...

With the entry into force of Regulation (EU) 2016/679 (the “General Data Protection Regulation”) on 25th May 2018, the matter of...

The new practice of the Danish Data Protection Agency requires all work related e-mails containing personal data is to be encoded...

This year, on the 25th of May 2018, the highly anticipated and monumental EU General Data Protection Regulation (henceforth “the...

Ireland's Data Protection Act 2018 (the "DPA"), which implements elements of the European Union's General Data Protection Regulation...

Privacy is key to a healthy information society and the recently-enacted GDPR offers EU citizens significant control over how their...

The Portuguese Data Protection Authority (“DPA”) recently announced a public consultation on the list of processing activities that...

The Estonian data protection authority (Data Protection Inspectorate, DPI) issued guidance on the definition of “large scale”...

The national Law on Personal Data Processing (the National Law) has entered into force on July 5th, 2018, which made Latvia the first...

Dr. Gege Gatt, Partner of the EuroCloud CPC Network, shares his thoughts following the recent landmark judgement by the German Court...

The General Data Protection Regulation (GDPR) stipulates that (data) controllers must carry out what is known as a "data protection...

The adoption of the U.S. Cloud Act weakens the integrity and security model of leading public cloud providers. ...

The Spanish DPA issued a check-list regarding regulatory compliance to facilitate the implementation of GDPR. ...

On 27 June 2018, the Romanian Parliament finally approved the Romanian law intending to cover the open clauses under the General Data...

The General Data Protection Regulation (GDPR) came into full operation on 25 May 2018 and was described by the Information...

Halfway through 2018, we have published a presentation brochure detailing the status and results the Cloud Privacy Check (CPC)...

The Monegasque Data Protection Authority has published on its website on May 2, 2018 a list of the key questions on the GDPR...

With the GDPR being enforced on 25th of May, we decided to take a glimpse back into the history of data privacy and traced it's first...

The Latvian legislator is facing delays with the adaptation of the national Law on Personal Data Processing (the Draft Law). On April...

Zepos & Yannopoulos, partners of the EuroCloud CPC network, participated in a multi jurisdictional exercise organised by the...

The act will to some extent replace the Danish Act on Processing of Personal Data and it will enter into force simultaneously with...

GDPR is knocking on the door. Being a Europe’s country, and not being a European Union member country yet, does not release the...

Liability caps in contracts under the GDPR is a hot-button issue for data controllers and data processors. A few days before the...

Consent of a data subject is often used by data controllers in order to ensure lawful data processing. Still, processing on the...

Earlier in March 2018, the Maltese press reported and revealed that private individuals have successfully requested that court cases...

Even though the GDPR is directly applicable in the Member States, it has left open the possibility for Member States to enact...

Ireland's Data Protection Bill 2018 (the "Bill"), which will implement elements of the European Union's General Data Protection...

The long-expected General Data Protection Regulation (GDPR) comes with new, specific requirements for data processing agreements, as...

The Italian Legislator recently adopted two new laws on data protection matter, Law. n. 167/2017 and Law n. 205/2017, with the aim of...

In a world where smart technology has become the norm, where people access their phones and TVs with fingerprints and voice commands,...

The article presents three interesting decisions on Austrian data protection law, in particular dealing with control measures at the...

The Belgian Act of 3 December 2017, which was published in the Belgian Official Journal on 10 January 2018, partially implements the...

Die österreichische Datenschutzbeauftragte Andrea Jelinek wurde zur Leiterin der Artikel-29-Datenschutzgruppe gewählt. Diese wird ab...

Public hospitals in Norway are organized in a structure where they are owned by four different regional legal entities. The regional...

The data protection officer (DPO) is a key function/office/position under the GDPR responsible for compliance with data protection...

General Data Protection Regulation (GDPR) is going to govern the personal data protection matters across Europe since May 2018. Even...

The 20Q&A project is intended to give the reader a quick overview and short summary of the most urgent questions regarding the...

The Data Protection Bill (Bill) will replace the Data Protection Act 1998 and will implement the General Data Protection Regulation...

It would be wrong to infer from the fact that the Principality of Monaco is a non-EU State, that the General Data Protection...

A new Data Protection Bill will soon issue which will implement elements of the GDPR into Irish law and overhaul the Office of the...

Data is a resource for digital business and we can expect more and more rules regulating this vital resource. In addition to the GDPR...

The GDPR introduced an antitrust-type sanction regime with fines which, for severe infringements, may amount up to 20 million euros...

Latvian Ministry of Justice has drafted text of new Personal Data Processing Law, which fulfils the assignment of Regulation (EU)...

The CPC Conference participants present in Vienna between 24-26 November 2017 offer their feedback of the event. ...

In implementation of the General Data Protection Regulation (2016/679), the Belgian Privacy Commission is being replaced by a new...

The 2nd Cloud Privacy Check (CPC) event took place between 24-26 November 2017 in Vienna, Austria.

This last decade has undoubtedly marked a vast and worldwide sociological evolution which has defined and created a new generation...

The Spanish DPA (AEPD) presents “Facilita RGPD”, a tool created to help companies comply with the European Data Protection Regulation...

In the recent case between the Data Protection Commissioner vs Facebook Ireland ltd and Maximillian Schrems of October 3rd 2017,...

A rapid overview of Luxembourg’s latest legislative measures in its preparation for European package on Data Protection with a...

Even if a person does not know anything else about the GDPR, it usually knows about the massive potential fines the GDPR will bring...

The EU data protection reform package consisting of the General Data Protection Regulation (EU) 2016/679 (in German:...

On Sept. 5, the European Court of Human Rights handed down a landmark judgement about privacy and monitoring at the workplace. The...

Is your cloud compliant? Cloud experts Dr. Tobias Höllwarth, Dr. Jens Eckhardt, Christian Laux, and Dr. Clemens Thiele explore the...

The GDPR clearly sets out the rights and obligations of sub-processors and requires them to meet strong contractual requirements. ...

With the upcoming entrance into force of the new General Data Protection Regulation in May 2018, the Bulgarian Commission for...

A brief discussion regarding the obligation of Controllers to notify the data subject and supervisory authority in the event of a...

On May 24, 2017, the Danish Ministry of Justice published their long-awaited report on the Personal Data Regulation, which will...

As we get closer to May 2018 when the GDPR will enter into force, the discussions on whether organisations should appoint a DPO and...

Amid the rush to be GDPR-ready, the former European Commissioner for Digital Economy and Society was campaigning for a comprehensive...

Cloud service providers (hereinafter referred to as the „CSP“) offer nowadays a wide spectrum of cloud computing services. Benefits...

The GDPR encourages (through the Member States, the supervisory authorities, the Board and the Commission) the adoption of data...

The GDPR clarifies the concept of “joint controllers”, which is of particular interest for the cloud computing community. Already...

While studies show that there is a medium / high degree of awareness of the obligations and impacts of implementing the GDPR, the...

The article presents three interesting decisions on Austrian data protection law, in particular dealing with the scope of the right...

The GDPR clarifies the clauses to be contained in a data processing agreement. The new European Regulation does not change the...

At a time where the General Data Protection Regulation (“GDPR”) has been spoken and written about extensively in all European...

Introducing high administrative fines (a maximum of EUR 20 million or 4% of global annual turnover, depending on which is higher) and...

Right before the midsummer holidays, the TATTI working group appointed by the Finnish Ministry of Justice published its report on the...

The Supreme Court rules in favour of suspects' privacy while the Parliament declares "revenge porn" a criminal act. ...

The General Data Protection Regulation (GDPR) will apply from 25 May 2018. Until then, all regulations of the GDPR have to be...

Recently the Dutch Data Protection Authority (Autoriteit Persoonsgegevens: "AP") published a 10-step-plan for Dutch organizations to...

Modern cars generate, collect and process a large quantity of data. Some of the data can be linked to the owner, the driver and/or...

A safer and people-friendlier cloud must be built at the European level.

EuroCloud Europe has published in June 2017 a new whitepaper "Cloud & Annual Accounts".

EuroCloud Europe has published in June 2017 a new whitepaper "Cloud & Data Protection - The Cloud Privacy Check (CPC)". ...

Today the processing of personal data in Sweden is regulated in the Personal Data Act (Sw. Personuppgiftslag (1998:204)). On 25 May...

By a press release dated April 28th, 2017, the Italian Data Protection Authority (“DPA”) issued its first guidelines (“Guidelines”)...

I write this text assuming that the reader already knows well about the four-step test implemented by the CPC...

The free movement of personal data within the EEA is a cornerstone of the Single Market – crucial to businesses and consumers...

On May 5th, 2017 the Turkish Data Protection Authority published the Draft Regulation on Data Controllers’ Registry (“Draft...

Data protection becomes hotter and hotter. Years ago a rather low tier area of law and practice, data protection is now being...

A look at the new European Regulation which is bringing Data Protection law into the new century.

Respect for basic human rights and freedoms is a conditio sina qua non for continuous and proper development of individuals and...

The Spanish DPA intends to make it easier for SMEs to be aware -during the transitional period until May 25, 2018- of the impact that...

The Irish Data Protection Commissioner ("DPC") published a guidance note on the General Data Protection Regulation ("GDPR") in...

While the Ministry of Justice of the Republic of Latvia is working on the changes of national legislation for the application of the...

The right to be forgotten under article 17 of GDPR brought up conflict between the right of an individual to object to processing his...

The Monegasque Data Protection Authority (CCIN) announced on the European Data Protection Day (28 January 2017) the possibility for...

On April 7th 2016, the long awaited Law on the Protection of Personal Data was enacted (the “Law”) in Turkey to regulate process and...

The access to and review of corporate emails, other electronic communications and electronic files stored on the business computers...

The upcoming General Data Protection Regulation contains an obligation to conduct a data protection impact assessment (DPIA) for...

On 8 March 2017, the annual Cloud Conference organised by IT News (in Estonian: ITuudised) took place in Tallinn, Estonia. The...

The Danish Ministry of Justice has begun its work with the Danish adoption of the General Data Protection Regulation (the GDPR) in...

The GDPR brings a new hope for the application of BCRs, especially for cloud providers (as processors), as they are given specific...

In January 2017, the Office for Personal Data Protection of the Slovak Republic initiated the legislative process leading to the new...

Polish DPA recent opinion on encryption as preferred response to confidentiality risks associated with email. ...

A case of the DSB (Austrian Data Protection Office) and one of the VwGH (Austrian Administrative Supreme Court) are presented below....

Paris, 6th of February 2017: meeting at the offices of Alain Bensoussan Avocats Lexing with Alain Bensoussan, Eric Le Quellenec,...

The Malta IT Law Association (MITLA) organised a workshop on Cloud Computing on the 12th of December 2016.

Lawyers from 32 countries have created the Cloud Privacy Check (CPC), the largest European information platform explaining data...

Contributors of the CPC projects from 20 countries met in Vienna for two days to prepare for the publications of the international...

25th February, Zürich: Meeting with CPC (cloudprivacycheck.eu) partner Dr. Laux in Switzerland to prepare Phase2 of the project....

Tobias Höllwarth draws some lines between the new EU General Data Protection Regulation, Binding Corporate Rules, strategies of...