Despite being clear that Brazil’s Data Protection Law (”LGPD”) applies to employment relationships, it is not usual to discuss the...

Vienna, Austria 11 - 13 November 2022

25th May 2022 marked the 4th anniversary of the entry into force of the General Data Protection Regulation (GDPR) and the...

Bulgarian PDPC has adopted a list of processing operations that require prior consultation which is addressed to the authorities...

On May 11, 2022, the Costa Rican government declared a National State of Emergency throughout the public sector for cybercrimes...

Compared to the previous year, the number of supervisions carried out in 2021 by the Macedonian Personal Data Protection Agency is...

The UK government’s Department for Digital, Culture, Media & Sport ("DCMS") has published proposed legislation that will make...

In today's society, the issue of fulfilling the characteristics of personal data is the subject of many disputes as well as legal...

The question of cookies and data protection is always present, but what are cookies, are they always person-related, what is the...

The Austrian Data Protection Authority (DPA) decided in another decision (22nd of April 2022, D155.026, 2022-0.298.191) that the use...

The Constitutional Court of the Republic of Slovenia annulled the criminal conviction for the development, advertising, and selling...

Earlier this spring, the Swedish Authority for Privacy Protection issued an administrative fine of approximately EUR 724 000 against...

When establishing an employment relationship, employers often ask the candidates for a court confirmation that no criminal...

Aguilar Castillo Love’s vision for their role as a law firm is borne of their heritage. Their ethos is drawn from many models,...

Last April, the Portuguese Constitutional Court declared unconstitutional the provisions of articles 4, 6, and 9 of Law 32/2008 of...

Legitimate interest is one of the lawful bases for processing personal information. However, the Nigeria Data Protection Regulation...

The government's bill for a major reform of Monaco's personal data protection legislation is currently being examined by the...

In 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued 48 decisions following assessments. 18 of these...

Updated regulations in Ireland regarding data subjects' access to their health data emerged in March 2022. The new regulations have...

It is the first time in history that the Dutch Data Protection Authority (DPA) has identified six violations of the GDPR in only one...

Generally, data transfers to third countries are prohibited unless the receiving country has received an adequacy decision from the...

Legal IT Abogados is the first legal boutique specialized in Digital Law in Panama. They offer legal solutions in the world of...

The Israeli Privacy Protection Authority recently published a new memo aimed to clarify the scope of interpretation of the obligation...

"Not everything that is technically possible is legally and ethically lawful." These are the words of Guido Scorza, member of the...

INPLP:

We continue our path to success and are pleased to welcome our new members from Mexico and Panama and thus further expand our...

Topics of this meeting were:

1. MEET&GREET: New member Héctor Guzmán (MEXICO)
2. BELEN: Next EU-US framework for international data...

BGBG provides solutions and highly specialized advice in an agile, clear, and sincere manner, generating positive results for their...

On 24 February 2022, the Data Protection Commission released its 2021 Annual Report (the “Report”) running to over one hundred pages....

The European Court of Justice has not just brought its settled case-law on data retention in line. Furthermore the ECJ also provides...

Argentina’s data protection authority, the Agency of Access to Public Information, i.e. the controlling authority pursuant to Data...

At the end of 2021, the Estonian Data Protection Inspectorate (DPA) issued a precept to a gas station using audio surveillance in its...

The Cyberspace Administration of China (CAC) has circulated the Regulations on the Management of Algorithm Recommendations for...

Ecuador continues to build its personal data protection system, for which those responsible for developing the regulation must...

The new Indian Privacy law mimics GDPR when it requires a ‘privacy by design’ architecture, sets up a central data protection...

Since 2019, The Federlñ Trade Commission (FTC) has been seeking ways to punish the new digital unfair practices, consisting on...

The process of designating the Personal Data Protection Authority, the next milestone in the construction of the national data...

CCTV monitoring has long been a key field for the Hungarian DPA. The article summarizes the DPA’s practice, as well as the related...

In September 2021, Munich’s regional court (the LG Munich) awarded a plaintiff 130,446 euros in damages. A vehicle purchased by the...

The United States and the European Commission have agreed in principle to a new Trans-Atlantic Data Privacy Framework (the...

The Data Security Law (“DSL”) and Personal Information Protection Law (“PIPL”) of mainland China, which came into force last year,...

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and...

The French supervisory authority has adopted 3 formal notices against famous French websites requiring them to stop using Google...

The Polish DPA (the President of the Personal Data Protection Office, further as "the Polish DPA") has reprimanded a webiste operator...

The past year was immensely impactful for the INPLP and characterized by strong collaboration, hard work, continued growth of the...

On 1 December 2021, the Telecommunication Telemedia Data Protection Act (“TTDSG”) came into effect. Amongst others, it was meant to...

Rob Corbet is a Partner and Head of Technology & Innovation at Arthur Cox. He leads a market leading team dedicated to specialist...

The first major GDPR class action under the Dutch Act on Mass Damages Settlement in Class Actions (WAMCA) has been declared...

Switzerland has made an effort to renew its Federal Act on Data Protection (revFADP) in order to modernise its data protection law...

Investigations into US facial recognition firm Clearview AI by Canadian regulators and UK/Australia yeilded similar findings...

Bulgarian Supreme Administrative Court issued a decision setting out criteria relevant for assessing the balance between the right to...

For the first time since the entry into force of the General Data Protection Regulation, the Federal Administrative Court has...

Argentina’s data protection authority, the Agency of Access to Public Information, i.e. the controlling authority pursuant to Data...

Virtual Voice Assistants (“VVA”) continue to grow in popularity as the precision of the technology improves. The European Data...

The EU General Data Regulation (GDPR) is among the world's toughest data protection laws. In this article you will have a general...

The Personal Data Supervisory Authority (hereinafter "CCIN") has published its 12th Activity Report covering the year 2020. This...

Stephenson Harwood is a law firm with over 1100 people worldwide, including more than 180 partners. They assemble teams of bright...

The proposed reforms to data protection laws by the UK government are ones that have been longed promised in a post-Brexit world and...

BTG Legal is a disputes and transactional law firm with best-of-breed technical expertise, a culture of innovation, and an...

The processing of COVID-19 related health data is certainly a hot and/or unsettled legal matter everywhere in the world. This article...

Ecuador joins the party of personal data protection with the issuance of its new law on the subject and leaves the group of regional...

This article provides an insight to the ever increasing market of performance analysis and the intersection with athlete's...

The use of cookies will therefore no longer be linked to the passivity of the users concerned (opt-out). Anyone who stores or obtains...

The Austrian Data Protection Authority (DPA) decided in a recent groundbreaking decision (22nd of December 2021, D155.027...

Following an investigation carried out by the Norwegian Consumer Council, the Norwegian Data Processing Authority on 13 December 2021...

Gerrish Legal offers Enterprise Solutions, Law Firm Services and Automated Law to clients being a multi-national company, a small to...

What the exemption from the application of the Regulation due to private and domestic purposes is? Polish Regional Administrative...

ECIJA GPA is recognized by prestigious international legal classification and research directories, offering legal services in all...

The Constitutional Court of the Republic of Slovenia annulled the criminal conviction for an online defamation, which was based on...

It often happens that we get confused by the difference between a controller and a processor. The problem may arise when a controller...

Transfer of data has become a major subject of international trade, and understanding the prerequisite for such transfer is...

The 6th INPLP Conference was successfully held in Vienna under the auspices of EuroCloud Europe and organised by Sourcing...

Malta has recently amended its rules in relation to the processing of personal data in the educational sector. ...

Under GDPR, data export to third countries is only permitted if the conditions under Chapter 5 are met. The adequacy decision by the...

Last October, the Portuguese parliament approved in a final vote a draft law that establishes the "right to be forgotten", preventing...

China has recently introduced two new data laws which as well as bringing the rules in relation to personal data in China up to date...

How to fulfil the data protection obligations when using artificial intelligence? One of the main issues of concern is the use of...

Responding to the extensive and intensive remote working during the Covid-19 pandemic and the risks that are lurking for employees’...

Big tech is getting sued for billions. What are these claims based on and who is supporting them? A short article on the recent...

The health situation in Luxembourg has been stable for several weeks now which allows for a possible return to a pre-crisis...

Facing the fact that the complaince with the new Law on Personal Data Protection was not in line with the planned dynamics, the...

Garante prohibits further data transfer and fines university 200,000EUR and for SchremsII failures in retaining a US based processor...

The Digital Arrangement Act was promuglated on May 19 of this year, which requires the Act on the Protection of Personal Information...

Argentina’s data protection authority, the Agency of Access to Public Information, i.e. the controlling authority pursuant to Data...

In recent years, and especially in recent times when remote work has become more common, the practice of employers using...

The Cyberspace Administration of China (CAC) has circulated the Provisions on the Management of Automotive Data Security (Trial) 2021...

After the “Schrems II” decision of the European Court of Justice invalidating the Privacy Shield framework and raising further doubts...

Bill C-11 died on the order paper in August when the Canadian federal election was called. In this article we explore how the...

This Annual Report comprehensively collects the activities carried out by this institution, most relevant facts and figures,...

Vienna, Austria 19 - 21 November 2021

The Provincial Administrative Court in Warsaw ruled that Polish Data Protection Supervisory Authority is not competent to order a...

On 9 July 2021, the Italian DPA released the new guidelines on the use of cookies. The purpose of these new guidelines is to achieve...

Due to their extreme importance in an increasingly digitalised and globalised economy, data transfers to third countries have been in...

The CISPE code of conduct simplifies data processing contracts under the GDPR and lays the foundations for a sovereign cloud. ...

A hacker was able to obtain the identification document photos of almost 300,000 people from a state database. Criminal...

Latournerie Wolfrom Avocats (LWA), a multidisciplinary and independent business Law Firm, is recognised for its technical expertise,...

The first ecuadorian data protection law have just came into force the last May 26th. Ecuador now starts a long and decesive journey...

Germany’s Federal Court of Justice decided on the scope of data subject’s rights under Art. 15 GDPR - and set certain limits....

At the legal intersection between the emerging distributed ledger technolgies and data privacy a lot has been said and written in...

The Federal Data Protection and Information Commissioner (FDPIC) has published in its new guidance how to proceed with data transfer...

Following one of ANPD’s main goals set out in its strategic agenda for 2021-2023, which includes establishing an effective regulatory...

The Bulgarian Supreme Administrative Court has referred several questions to the CJEU regarding preliminary rulings on the liability...

M. Bodero & Asociados is an Ecuadorian Law Firm, specialized in investment issues, complex transactions, business conflicts,...

The Austrian Supreme Court paved the way for a more coherent interpretation of the GDPR regarding damages by initiating the...

The pandemic context has accelerated the use of telework and triggered a shift towards additional flexibility of work that will most...

By filing an appeal against the first-instance decision, the controller worsened its situation when the supervisory body increased...

Regulatory pressure and heightened consumer concern around the use of third-party cookies to track users online and to deliver...

Argentina’s data protection authority, the Agency of Access to Public Information, i.e. the controlling authority pursuant to Data...

The pandemic year did not make data protection obsolete. Instead, a large amount of personal data was collected and processed in...

New Bill sets to Impose Limitations on Transfers of Personal Data FROM the US to countries to which export of personal data would...

Fitness trackers, electronic health cards, online consultations – the digital age has long since arrived in the world of medicine....

Francisco Perez Bes (INPLP member representing Spain) has edited the book "Artificial Intelligence and the Law" with the goal to...

Hungary’s new draft Act on National Data Assets introduces a new regime, where data held by state agencies and local governments...

On Oct. 1, 2020, amendements to the Regulation of Internet Broadcasts and Prevention of Crimes Committed through Such Broadcasts (Law...

Similar to GDPR, China’s draft Personal Information Protection Law also requires the designation of a Responsible Person for Personal...

Following a strike announcement by two Police unions (over low pay, among other issues), the Ministry of Interior published on its...

In January 2021, the Swedish Authority for Privacy Protection (“IMY”) published its privacy protection report for 2020 (the...

The on-going pandemic of Covid-19 has put many challenges before the society. In order to ensure healthy working environment, many...

INPLP continues its path of robust and professional growth and expects to welcome its 100th member in 2022.

Marval O’Farrell Mairal was founded in 1923 and is the largest law firm in Argentina. Being a market leader at both local and Latin...

Like the old Data Protection Directive, the GDPR allows the private sector to draft codes of conduct to help demonstrate compliance...

The article presents a current issue concerning sobriety data in the context of personal data protection and labour law from the...

SimpLEGAL is a Budapest-based state-of-the-art digital law firm both in the sense of practice areas and its client service methods....

As part of the fulfilment of the duties assigned to it by the General Data Protection Regulation (hereinafter “GDPR”), the National...

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has imposed a €475,000 fine on Booking.com because the company took...

Max Schrems and his organisation NOYB (None Of Your Business) have recently begun a new battle, taking place in Luxembourg! Legal...

According to the current Monegasque legislation, the automated processing of personal data is subject to the control of the CCIN...

The amendment on Enforcement Rules for the Act on the Protection of Personal Information was promulgated on March 26 of this year. ...

Spirit Legal is based in Leipzig, although they advise domestic and foreign businesses with an international focus, regardless of...

The dispute between the German Federal Cartel Office and Facebook continues before the ECJ. This may mean that business models of the...

The purpose of this Article is to provide an overview of the legal mechanisms by which personal data can be transferred from the...

The Polish Data Protection Authority has imposed on WARTA. S.A, a Polish insurance and reinsurance company, a new administrative...

Medical research is becoming increasingly reliant on the analysis of large amounts of biologically derived data. Greater scientific...

The European Data Protection Board issued the Guidelines 07/2020 on the concepts of controller and processor in the GDPR, version...

European Supervisory Authorities imposed more than €158m in fines under the GDPR during 2020; close to a 40% increase on the previous...

In Israel, as in many other countries, the coronavirus is rampant. There are various strategies available to contend with this...

Data breaches are violations of database security that may result not only from cyber attacks, as it is usually assumed, but also...

When it was introduced twenty years ago, Hong Kong’s data protection law was one of the leading regimes of its type in Asia. But time...

e|s|b Adwokaci i Radcowie Prawni (e|s|b Legal) is a boutique law firm with an international atmosphere and scale of activity, located...

The draft Data Governance Act, which was published by the European Commission last November, aims to foster the availability of both...

In one of its most recent decisions, the Swiss Federal Supreme Court ruled on smart metering. It decided that the permanent...

Živković Samardžić is one of the Serbia’s leading full-service independent law firms. Their 10 partners / 23 lawyers strong team...

Towards the end of 2020, the Romanian Data Protection Authority (ANSPDCP) disclosed on its website information regarding the...

A recent Opinion of the Bulgarian data protection authority and certain legislative changes lead to the conclusion that in Bulgaria...

Pinsent Masons is a full-service international law firm. They respond to the pressures and opportunities facing businesses globally...

On February 12th 2021 the city Court in Aarhus handed down the first verdict in Denmark that has led to a fine based on GDPR. The...

The Swiss Federal Supreme Court has made an interesting decision on the scope of the right to information under Swiss Federal Act on...

As personal data crossborder flows cannot benefit from the “EU-US privacy shield” anymore, as a consequence of the Schrems II...

Potential investors are being warned of the negative impact that the GDPR sanctions may have on the expected profitability of the...

Public authorities’ access to electronic communications data has always been and continues to be a hot topic, even (or especially)...

This article discusses how the proposed legislation seeks to strike a balance between protecting consumer’s personal information, and...

Despite being no stranger to data privacy regulation, only recently has Brazil enacted a comprehensive set of rules to regulate the...

On 19 October 2020, The Office of the Commissioner for Personal Data Protection ('the Commissioner') announced its decision to fine...

The GDPR explicitly allows Member States to determine whether and to what extent administrative fines can be imposed on public...

Gowling WLG provides its clients with in-depth expertise in key global sectors and a suite of legal services at home and abroad...

China published the Personal Information Protection Law (Draft) ("PIPL") for public consultation on 21 October 2020. This is the...

Pinsent Masons is a full-service international law firm. We respond to the pressures and opportunities facing businesses globally...

For many years, a common practice in Bulgaria is debtors to submit complains to the Bulgarian DPA for unlawful processing of their...

There is no shortage of recent examples of cyber-attacks and the current COVID-19 pandemic is undoubtedly contributing to an...

ALV Advogados is a mid-sized commercial law-firm established in 2006, with the purpose of assisting domestic and foreign clients in...

Art 15 GDPR does not only enable the data subject to obtain information on the content of his/her data undergoing processing, but...

This article presents interesting decisions on Austrian data protection law, in particular the decisions on (1) disclosure of trade...

Terrorist attacks aren’t new: they’ve been a feature of warfare ever since humans formed societies. As humanity evolves, the methods...

Pinsent Masons is a full-service international law firm. We respond to the pressures and opportunities facing businesses globally...

On 25th of September 2020, the Swiss parliament has adapted the Federal Act on Data Protection (FADP). However, the FADP - which aims...

ECIX is a consultancy specializing in data protection and regulatory compliance, helping its clients meet the challenges that the...

BONA FIDE is a full-service corporate law firm based in the Republic of North Macedonia and specialized in general corporate/M&A,...

On 17 December 2020, the Romanian Data Protection Authority (ANSPDCP) has published on its website a new administrative sanction in...

The Act on Improvement of Transparency and Fairness in Trading on Specified Digital Platforms

With a letter to the European Data Protection Board (EDPB), the International Network of Privacy Law Professionals (INPLP) made use...

The Monegasque Data Protection Authority (hereinafter “CCIN”) has just published its 11th Activity Report covering the year 2019, of...

In the wake of the decision of the Court of Justice of the European Union (CJEU) in Schrems II, controllers and processors have been...

The GDPR aims to establish a uniform legal framework applicable to the processing of personal data across Europe, while allowing...

The Spanish Data Protection Authority (AEPD) has just released a tool to help data controllers decide whether to communicate or not a...

Challenges Confronting Implementation Of Data Privacy And Protection Regulations In Nigeria

The U.S. government has published a whitepaper that outlines the robust limits and safeguards in the United States pertaining to...

Important recommendations EDPB (European Data Protection Board) after Schrems II and new standard contractual clauses ...

The International Network of Privacy Law Professionals hosted its 5th annual conference

The concept of open data in the European Union was firstly brought up by directive 2003/98/EC on the re-use of public sector...

The right to be forgotten is one of the more complex rights in the GDPR, requiring a careful balancing of principles and interests....

Under the GDPR, Codes of Conduct (CoC) constitute an effective accountability tool for achieving self-regulation and transparency of...

The Romanian Data Protection Authority ("Romanian DPA") has recently sanctioned three entities (two private companies and a...

Slovakia has recently witnessed a significant increase in the number of confirmed COVID-19 cases. The country exceeded the threshold...

The Danish Data Protection Agency has decided to supervise a number of activities in the research area. The Authority also initiates...

Technologies for facial recognition - capable of identifying and/or verifying a physical person automatically from a digital image or...

Under the Personal Data Protection Law No. 6698 Article 18 ("DPL") the Personal Data Protection Board (“Board”) has the authority to...

The DPA considered IBO’s processing to be in violation of the fairness requirement, transparency requirement and the accuracy...

The Israeli Privacy Protection Authority published a handbook for transport entities on the protection of privacy by in a digital...

In April 2019, the “EDPS” or European Data Protection Supervisor, launched an investigation into the use of Microsoft products and...

Although some jurisdiction such as EU's GDPR provide a mechanism for an organization to demonstrate its compliance to GDPR (Article...

The Spanish Data Protection Authority (AEPD) has just updated the Guide on the use of “cookies” to adapt it to the Guidelines 05/2020...

The Act on the Protection of Personal Information (“APPI”) of Japan was established in 2003, and had only been amended once, in 2015....

If systems such as Windows 7 and Windows Server 2008 R2 SP1 are no longer supported by Microsoft, this may result in inadequate...

Setterwalls is one of Sweden’s leading full-service business law firms, as well as one of Sweden’s largest law firms, with some 190...

Under the Personal Data Protection Law No. 6698 Article 18 ("DPL") the Personal Data Protection Board (“Board”) has the authority to...

In its Newsletter 4 (85) of July 2020 the Bulgarian Commission for Personal Data Protection (CPDP) released two opinions that provide...

The transformational value of data in today’s world cannot be overemphasised. The right to data privacy and protection is an...

In the context of the coronavirus pandemic, companies are implementing exceptional measures to protect the health and safety of their...

It is an undeniable fact that Artificial Intelligence (“AI”) has rapidly evolved in recent years and has even more swiftly been...

On 1 January 2020, a new Act allowing representative entities to seek damages in a collective action came into effect in the...

The annual report summaries the different issues on which the Italian Data Protection Authority (“Italian DPA” or “Authority”) worked...

On July 10, 2020, a press conference was held in the hall of Slovenia’s legislative body by Jožef Horvat, MP, a member of one of the...

The guidelines of the European Gaia-X cloud are now known.

The discussion is not new. The European Court of Justice (ECJ) had already decided on 01.10.2019. But only the German Federal Court...

On 6 May 2020, the Estonian Ministry of Justice sent for coordination round the concept of administrative fines. The goal is to...

Alliance Law Firm is a dynamic partnership registered under the laws of the Federal Republic of Nigeria. With a seamless blend of...

As everyone already knows, Article 53(2) of the General Data Protection Regulation prescribes the criteria that the director of a...

Criminal records contain personal data on the perpetrator of a criminal offense, on the criminal offense for which he was convicted,...

In May 2020 the Data Protection Commission (DPC) in Ireland issued its first fines under the GDPR, just prior to the second...

The 25th of May marked the second anniversary of the application of the General Data Protection Regulation (GDPR) in the European...

Due to the Covid-19 pandemic, the last debates in the Swiss parliament were postponed to the autumn session. However, an outlook can...

SGS Hong Kong Limited is the Hong Kong branch of SGS group. Established in 1878, SGS is the world’s leading inspection, verification,...

The Danish Protection Authority has adopted standard contractual clauses in accordance with article 28(3) of the GDPR. The national...

The Spanish DPA (AEPD) issued this May a statement regarding the practice of taking the temperature to data subjects in shops, work...

During the Covid-19 pandemic we received numerous and various questions from our clients regarding body temperature readings of...

In early May 2020, the Monegasque Data Protection Authority (Commission de Contrôle des Informations Nominatives, in brief “CCIN”)...

In February, the first decision of an Austrian Appellate Court regarding a claim for immaterial damages under Art 82 GDPR has been...

Dimitrov, Petrov & Co. (DPC) is a full-service business law firm, pioneer in the dynamic field of technology law and data protection...

Matsuda & Partners is a one-stop shop, offering a variety of legal services that cover business related practice including corporate...

During the unprecedented Covid-19 pandemic, but also before its appearance, the Greek Data Protection Authority (“DPA”) has taken an...

INPLP member, Olumide Babalola (Lagos, Nigeria), cordially invites the general public to the (virtual) presentation of a book titled...

For many companies, it is significant for customer acquisition not only to present the advantages of their own products and services,...

Founded in 1996, MOLITOR Avocats à la Cour is a highly respected and independent law firm in Luxembourg City, a full-service firm...

Nicole Beranek Zanon is a founding partner of de la cruz beranek Attorneys at Law Lt, which is one of the leading IT boutique law...

At the end of April, the European Union published non-binding guidance on apps supporting the fight against COVID 19 pandemic in...

Xawery Konarski is Senior Partner at Traple Konarski Podrecki & Partners which is one of the leading law firms on the Polish market...

The use of photographs in police investigations is nothing new. It is the use of algorithms so that a machine, using template image...

UK Supreme Court decision on an employer’s liability for data breach in the case of WM Morrison Supermarkets versus Various...

Olumide is the managing partner of Olumide Babalola, LP - his flagship full service law office with particular bias for digital...

It is not too uncommon for a single person to be in charge of general compliance in an organisation, and to also act as its DPO. Is...

On March 23, 2020, a 5 year class action that was until now under a gag order, was finally lifted and the Judgment (authorization of...

At the time of the fight against the corona virus pandemic, the need to establish an imaginary border between the protection of...

The COVID-19 pandemic and the measures to combat the spread of the virus are having a severe impact in a number of countries,...

This article answers many freuqently asked questions concerning data protection in turkey during times of Covid-19. ...

One of the possible solutions for processing personal data based on a legitimate interest of companies.

The Italian Data protection Authority (Italian DPA) issued two fines against Tim and Eni Gas e Luce, for a total amount of almost 36...

After many data protection authorities (in the European Union and beyond) provided guidance and FAQ's on the relationship between...

The re-use of Public Sector information has to be built on a balanced approach where the public interests of such use have to be...

The difficulty of drawing a hard-and-fast line between the right to privacy and the rights of other people to stay healthy ...

An administrative Fine of 82,000 EURO was imposed by the Cyprus Data Protection Authority concerning the lack of legal basis of...

The Dutch DPA imposed a fine of 525,000 euros for the unlawful sale of personal data by the Dutch national tennis association the...

This article presents interesting decisions on Austrian data protection law, which deal in particular with the admissibility of...

In order to guarantee protection of people who report breaches, I.E. Whistleblowers, employers will soon be obliged to create a clear...

While the GDPR deals extensively with the rights and claims of data subjects, it mainly leaves the provisions for the assertion of...

On the European Data Protection Day 2020 (i.e. on 28 January 2020), the Romanian DPA published (in Romanian and English languages) a...

The topic discussed here is the difference between personal data protection before the GDPR entered into effect and the current data...

2019 was a year of major developments for privacy and data protection in Ireland and abroad. According to Ireland, the year 2020 will...

Since the implementation of the GDPR, cloud players have been forced to both rethink their tools and review their contracts. ...

In Turkey, the Personal Data Protection Law No. 6698 (the "Law") requires data controllers to take all necessary technical and...

The end of the year is usually the time for reflections. Although the first year of GDPR officially ended at the end of May 2019, now...

The Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as “Office”) pursuant to the provisions of §...

Article 32 of the GDPR on the security of processing has been one of the main focus areas of the Danish Data Protection Agency (the...

The Belgian electronic identity card system has been in vogue for a number of years now as a reliable means for electronic...

The Berlin Data Protection Authority has imposed an administrative fine against a Berlin real estate company for 14,5 Million euros...

On 16 October 2019, the German Data Protection Authorities (DPAs) published their concept of how to determine administrative fines. ...

More than a year has passed since the General Data Protection Regulation (hereinafter “GDPR”) has been applicable in all EU member...

Data, and not FIAT or digital currency, is the real currency that measures the worth of a gambling operation, and the single common...

On November 24, 2019 the Israeli Privacy Protection Authority (the “IPPA”) announced that it had hosted an inter-sectoral roundtable...

On 20 November 2019, the European Data Protection Board (EDPB) issued a draft of Guidelines on Data Protection by Design and by...

The preparatory work for the reform of the Monegasque data protection law (Act No. 1.165 of 23 December 1993, consolidated), carried...

Earlier in 2019 the Bulgarian data protection supervisory authority – the Bulgarian Commission for Personal Data Protection (“CPDP”)-...

Use of video recording of screens, coupled with recordings of telephone conversations in a professional setting, may be proportionate...

Law on Protection of Personal Data numbered 6698 provides under the article titled “Data Security Liabilities” that, data controllers...

In August 2019, Serbia started applying new Law on Personal Data Protection. Many challenges were expected before initiation of the...

In its recent judgment in the “Planet49 case”, the Court of Justice of the European Union (“CJEU”) held that consent for cookies...

Following a fast track procedure, the Greek Parliament adopted Law 4624/2019, which frames the provisions of the GDPR in Greece and...

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, was passed...

The California Consumer Privacy Act (CCPA), which takes effect in 2020, has been dubbed “GDPR-Lite” or “California GDPR” because it...

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, will take...

The California Consumer Privacy Act (CCPA), a broad-based law protecting information that identifies California residents, was passed...

This article presents the third out of three interesting decisions on Austrian data protection law, in particular dealing with...

When users browse through the internet, cookies perform multi-faceted functions for the benefit of both the webmasters and users...

This article presents the second out of three interesting decisions on Austrian data protection law, in particular dealing with...

For the first time, the Italian Data Protection Authority has exercised its power of "warning" provided by the GDPR, through which it...

This article presents the first out of three interesting decisions on Austrian data protection law, in particular dealing with...

The AEPD published in July 2019 a model report to help Public Administrations carry out im-pact assessments on data protection. ...

The Greek HDPA (Hellenic Data Protection Authority) imposed a fine of € 150.000,- on PWC Greece.

Over 2 years, GDPR and personal data protection has been discussed across the EU. Vast majority of companies, public authorities and...

This first fine under the GDPR is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records...

Slovenian courts have in place a system for audio recording of court hearings. The data recorded (which in itself constitute personal...

First, I would like to thank the members and the entire EuroCloud organization for letting me join their ranks. I sincerely thank...

Each Spring, the Estonian Data Protection Inspectorate (DPI) publishes its Annual, summarising its main activities of the previous...

To mark the occasion of GDPR's first anniversary, findings and statistics tracked from May 2018 to May 2019 concerning awareness,...

On the 14th of June 2019 (one year later than expected) Portugal has finally approved Draft Law no. 120/XIII/3.ª (GOV), implementing...

Until recently, most IT contracts, even the large-scale ones, were generally based on a simple purchase order and sometimes a...

We've introduced a new Area focused on GDPR and several enhancements to existing controls as part of this major update. ...

Last week the European Commission published guidance on the free flow of non-personal data, focussing on the interaction of the FFD...

Earlier in 2019 Bulgaria has become another European Union member to adopt the EU’s privacy regime. The Bulgarian Personal Data...

The Danish Data Protection Agency has reported the taxi company, Taxi 4x35, to the police and recommended the company for a fine of...

At the end of November 2018, the new Law on Personal Data Protection (Law) came into force but its application was postponed for nine...

The Belgian tax authorities maintain an online repository called FisconetPlus, on which tax payers can find key information and...

Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of...

In May 2018, the Israeli Protection Of Privacy Regulations (Data Security 2017) (the “Regulations”) came into effect. The...

Under Article 35 of the GDPR, the national Data Processing Authority (DPA) shall establish and make public a list of processing...

The aim of this article is to focus on three important legal opinions published by the Italian Data Protection Authority on the...

On the basis of the guidelines of the article 29 working party of what now is the EDPB (European Data Protection Board) and the...

The Spanish DPA published a recent report on the processing by political parties of personal data related to political opinions. ...

Since the 2016 referendum whereby voters expressed their wish for the United Kingdom (the “UK”) to leave the European Union (the...

In the light of the GDPR, on March 6, 2019, Slovenia’s Ministry of Justice published <a...

Where does the role of the data protection authority (DPA) end and where the court takes priority? The relevant legal provisions are...

This article presents three interesting decisions on Austrian data protection law, in particular dealing with an unlawful video...

General Data Protection Regulation (GDPR) brought (for the Czech legal environment completely new) legal construct of joint...

EuroCloud Europe publishes a new whitepaper in partnership with RedHat and Accenture, tracing the drivers of change across the...

In the case of a service provider that is not contracted by a controller to process personal data on its behalf but may gain custody...

The EDPB (European Data Protection Board) assessed in its January 22, 2019 report once again whether the safeguards provided under...

French data protection authority CNIL has slapped a €50 million ($57 million) on Google for failing to meet requirements under the...

EuroCloud Europe will establish a European database of case-studies describing sector specific joint-controllership relations, as...

EuroCloud Europe will undertake to create a European database of data-breach-related DPA decisions and court judgments. ...

According to the Oberlandesgericht Hamburg (Higher Regional Court Hamburg) violations of data protection rules can also mean a...

In the last six months, the EU Court of Justice has provided its views on the roles of different parties processing personal data on...

The year 2018 was for Monaco a preparatory year for the forthcoming adaptation of Act No. 1.165 on the protection of personal data,...

Government agencies and public organisations have the obligation to appoint a DPA, regardless the type of data they process. ...

During 2018, the Not-for-Profit International Network CPC set up some study groups with the aim to analyze and compare the Member...

The EuroCloud Awards recognize the best digital services from Europe and around the world based on their underlying cloud computing...

In August 2018, the Supreme Court of the Republic of Slovenia upheld the judgements of the lower courts finding the publisher and the...

The Greek Parliament recently enacted Law 4577/2018, the purpose of which is to transpose Directive (EU) 2016/1148 on security of...

Uber US and Uber Netherlands were considered to be joint controllers which made them both separately liable for claims of customers...

Vienna, 24 Nov 2018: This year, lawyers from 13 countries attended the event in Vienna and approved a comprehensive list of...

Paragraph 6, Article 38 of the General Data Protection Regulation (GDPR) allows the Data Protection Officer (DPO) to fulfil other...

The Agencia Española de Protección de Datos ( AEPD) presented guidelines regarding the management and notification of security...

Privacy issues in mergers and acquisitions take the attention of transaction parties among other things in these days. ...

With Legislative Decree n. 101/2018 the Italian legislator has finally taken the last necessary step in order to coordinate the local...

As the legal representatives of the Slovak Anti-doping Agency (hereinafter referred to as “SADA”), we have taken part in several...

The CNPD (Portuguese Data Protection National Commission), as the Portuguese supervisory authority, has approved Regulation nr....

In-vehicle emergency call (eCall) systems, which have been in use for a long time, are defined as systems within vehicles being...

Since the application of the GDPR, the days of the EU-U.S. Privacy Shield may be numbered and parties to an IT contract must be on...

With the entry into force of Regulation (EU) 2016/679 (the “General Data Protection Regulation”) on 25th May 2018, the matter of...

The new practice of the Danish Data Protection Agency requires all work related e-mails containing personal data is to be encoded...

This year, on the 25th of May 2018, the highly anticipated and monumental EU General Data Protection Regulation (henceforth “the...

Ireland's Data Protection Act 2018 (the "DPA"), which implements elements of the European Union's General Data Protection Regulation...

Privacy is key to a healthy information society and the recently-enacted GDPR offers EU citizens significant control over how their...

The Portuguese Data Protection Authority (“DPA”) recently announced a public consultation on the list of processing activities that...

The Estonian data protection authority (Data Protection Inspectorate, DPI) issued guidance on the definition of “large scale”...

The national Law on Personal Data Processing (the National Law) has entered into force on July 5th, 2018, which made Latvia the first...

Dr. Gege Gatt, Partner of the EuroCloud CPC Network, shares his thoughts following the recent landmark judgement by the German Court...

The General Data Protection Regulation (GDPR) stipulates that (data) controllers must carry out what is known as a "data protection...

The adoption of the U.S. Cloud Act weakens the integrity and security model of leading public cloud providers. ...

The Spanish DPA issued a check-list regarding regulatory compliance to facilitate the implementation of GDPR. ...

On 27 June 2018, the Romanian Parliament finally approved the Romanian law intending to cover the open clauses under the General Data...

The General Data Protection Regulation (GDPR) came into full operation on 25 May 2018 and was described by the Information...

Halfway through 2018, we have published a presentation brochure detailing the status and results the Cloud Privacy Check (CPC)...

The Monegasque Data Protection Authority has published on its website on May 2, 2018 a list of the key questions on the GDPR...

With the GDPR being enforced on 25th of May, we decided to take a glimpse back into the history of data privacy and traced it's first...

The Latvian legislator is facing delays with the adaptation of the national Law on Personal Data Processing (the Draft Law). On April...

Zepos & Yannopoulos, partners of the EuroCloud CPC network, participated in a multi jurisdictional exercise organised by the...

The act will to some extent replace the Danish Act on Processing of Personal Data and it will enter into force simultaneously with...

GDPR is knocking on the door. Being a Europe’s country, and not being a European Union member country yet, does not release the...

Liability caps in contracts under the GDPR is a hot-button issue for data controllers and data processors. A few days before the...

Consent of a data subject is often used by data controllers in order to ensure lawful data processing. Still, processing on the...

Earlier in March 2018, the Maltese press reported and revealed that private individuals have successfully requested that court cases...

Even though the GDPR is directly applicable in the Member States, it has left open the possibility for Member States to enact...

Ireland's Data Protection Bill 2018 (the "Bill"), which will implement elements of the European Union's General Data Protection...

The long-expected General Data Protection Regulation (GDPR) comes with new, specific requirements for data processing agreements, as...

The Italian Legislator recently adopted two new laws on data protection matter, Law. n. 167/2017 and Law n. 205/2017, with the aim of...

In a world where smart technology has become the norm, where people access their phones and TVs with fingerprints and voice commands,...

The article presents three interesting decisions on Austrian data protection law, in particular dealing with control measures at the...

The Belgian Act of 3 December 2017, which was published in the Belgian Official Journal on 10 January 2018, partially implements the...

Die österreichische Datenschutzbeauftragte Andrea Jelinek wurde zur Leiterin der Artikel-29-Datenschutzgruppe gewählt. Diese wird ab...

Public hospitals in Norway are organized in a structure where they are owned by four different regional legal entities. The regional...

The data protection officer (DPO) is a key function/office/position under the GDPR responsible for compliance with data protection...

General Data Protection Regulation (GDPR) is going to govern the personal data protection matters across Europe since May 2018. Even...

The 20Q&A project is intended to give the reader a quick overview and short summary of the most urgent questions regarding the...

The Data Protection Bill (Bill) will replace the Data Protection Act 1998 and will implement the General Data Protection Regulation...

It would be wrong to infer from the fact that the Principality of Monaco is a non-EU State, that the General Data Protection...

A new Data Protection Bill will soon issue which will implement elements of the GDPR into Irish law and overhaul the Office of the...

Data is a resource for digital business and we can expect more and more rules regulating this vital resource. In addition to the GDPR...

The GDPR introduced an antitrust-type sanction regime with fines which, for severe infringements, may amount up to 20 million euros...

Latvian Ministry of Justice has drafted text of new Personal Data Processing Law, which fulfils the assignment of Regulation (EU)...

The CPC Conference participants present in Vienna between 24-26 November 2017 offer their feedback of the event. ...

In implementation of the General Data Protection Regulation (2016/679), the Belgian Privacy Commission is being replaced by a new...

The 2nd Cloud Privacy Check (CPC) event took place between 24-26 November 2017 in Vienna, Austria.

This last decade has undoubtedly marked a vast and worldwide sociological evolution which has defined and created a new generation...

The Spanish DPA (AEPD) presents “Facilita RGPD”, a tool created to help companies comply with the European Data Protection Regulation...

In the recent case between the Data Protection Commissioner vs Facebook Ireland ltd and Maximillian Schrems of October 3rd 2017,...

A rapid overview of Luxembourg’s latest legislative measures in its preparation for European package on Data Protection with a...

Even if a person does not know anything else about the GDPR, it usually knows about the massive potential fines the GDPR will bring...

The EU data protection reform package consisting of the General Data Protection Regulation (EU) 2016/679 (in German:...

On Sept. 5, the European Court of Human Rights handed down a landmark judgement about privacy and monitoring at the workplace. The...

Is your cloud compliant? Cloud experts Dr. Tobias Höllwarth, Dr. Jens Eckhardt, Christian Laux, and Dr. Clemens Thiele explore the...

The GDPR clearly sets out the rights and obligations of sub-processors and requires them to meet strong contractual requirements. ...

With the upcoming entrance into force of the new General Data Protection Regulation in May 2018, the Bulgarian Commission for...

A brief discussion regarding the obligation of Controllers to notify the data subject and supervisory authority in the event of a...

On May 24, 2017, the Danish Ministry of Justice published their long-awaited report on the Personal Data Regulation, which will...

As we get closer to May 2018 when the GDPR will enter into force, the discussions on whether organisations should appoint a DPO and...

Amid the rush to be GDPR-ready, the former European Commissioner for Digital Economy and Society was campaigning for a comprehensive...

Cloud service providers (hereinafter referred to as the „CSP“) offer nowadays a wide spectrum of cloud computing services. Benefits...

The GDPR encourages (through the Member States, the supervisory authorities, the Board and the Commission) the adoption of data...

The GDPR clarifies the concept of “joint controllers”, which is of particular interest for the cloud computing community. Already...

While studies show that there is a medium / high degree of awareness of the obligations and impacts of implementing the GDPR, the...

The article presents three interesting decisions on Austrian data protection law, in particular dealing with the scope of the right...

The GDPR clarifies the clauses to be contained in a data processing agreement. The new European Regulation does not change the...

At a time where the General Data Protection Regulation (“GDPR”) has been spoken and written about extensively in all European...

Introducing high administrative fines (a maximum of EUR 20 million or 4% of global annual turnover, depending on which is higher) and...

Right before the midsummer holidays, the TATTI working group appointed by the Finnish Ministry of Justice published its report on the...

The Supreme Court rules in favour of suspects' privacy while the Parliament declares "revenge porn" a criminal act. ...

The General Data Protection Regulation (GDPR) will apply from 25 May 2018. Until then, all regulations of the GDPR have to be...

Recently the Dutch Data Protection Authority (Autoriteit Persoonsgegevens: "AP") published a 10-step-plan for Dutch organizations to...

Modern cars generate, collect and process a large quantity of data. Some of the data can be linked to the owner, the driver and/or...

A safer and people-friendlier cloud must be built at the European level.

EuroCloud Europe has published in June 2017 a new whitepaper "Cloud & Annual Accounts".

EuroCloud Europe has published in June 2017 a new whitepaper "Cloud & Data Protection - The Cloud Privacy Check (CPC)". ...

Today the processing of personal data in Sweden is regulated in the Personal Data Act (Sw. Personuppgiftslag (1998:204)). On 25 May...

By a press release dated April 28th, 2017, the Italian Data Protection Authority (“DPA”) issued its first guidelines (“Guidelines”)...

I write this text assuming that the reader already knows well about the four-step test implemented by the CPC...

The free movement of personal data within the EEA is a cornerstone of the Single Market – crucial to businesses and consumers...

On May 5th, 2017 the Turkish Data Protection Authority published the Draft Regulation on Data Controllers’ Registry (“Draft...

Data protection becomes hotter and hotter. Years ago a rather low tier area of law and practice, data protection is now being...

A look at the new European Regulation which is bringing Data Protection law into the new century.

Respect for basic human rights and freedoms is a conditio sina qua non for continuous and proper development of individuals and...

The Spanish DPA intends to make it easier for SMEs to be aware -during the transitional period until May 25, 2018- of the impact that...

The Irish Data Protection Commissioner ("DPC") published a guidance note on the General Data Protection Regulation ("GDPR") in...

While the Ministry of Justice of the Republic of Latvia is working on the changes of national legislation for the application of the...

The right to be forgotten under article 17 of GDPR brought up conflict between the right of an individual to object to processing his...

The Monegasque Data Protection Authority (CCIN) announced on the European Data Protection Day (28 January 2017) the possibility for...

On April 7th 2016, the long awaited Law on the Protection of Personal Data was enacted (the “Law”) in Turkey to regulate process and...

The access to and review of corporate emails, other electronic communications and electronic files stored on the business computers...

The upcoming General Data Protection Regulation contains an obligation to conduct a data protection impact assessment (DPIA) for...

On 8 March 2017, the annual Cloud Conference organised by IT News (in Estonian: ITuudised) took place in Tallinn, Estonia. The...

The Danish Ministry of Justice has begun its work with the Danish adoption of the General Data Protection Regulation (the GDPR) in...

The GDPR brings a new hope for the application of BCRs, especially for cloud providers (as processors), as they are given specific...

In January 2017, the Office for Personal Data Protection of the Slovak Republic initiated the legislative process leading to the new...

Polish DPA recent opinion on encryption as preferred response to confidentiality risks associated with email. ...

A case of the DSB (Austrian Data Protection Office) and one of the VwGH (Austrian Administrative Supreme Court) are presented below....

Paris, 6th of February 2017: meeting at the offices of Alain Bensoussan Avocats Lexing with Alain Bensoussan, Eric Le Quellenec,...

The Malta IT Law Association (MITLA) organised a workshop on Cloud Computing on the 12th of December 2016.

Lawyers from 32 countries have created the Cloud Privacy Check (CPC), the largest European information platform explaining data...

Contributors of the CPC projects from 20 countries met in Vienna for two days to prepare for the publications of the international...

25th February, Zürich: Meeting with CPC (cloudprivacycheck.eu) partner Dr. Laux in Switzerland to prepare Phase2 of the project....

Tobias Höllwarth draws some lines between the new EU General Data Protection Regulation, Binding Corporate Rules, strategies of...