Data Protection Authority

On October 22, 2019, the French Data Protection Authority (the “CNIL”) published a list of processing operations (in French) that it considers not requiring a data protection impact assessment (“DPIA”). The CNIL had previously adopted and published a final list of processing operations requiring a DPIA on November 6, 2018. The final list includes 12 types of processing operations for which a DPIA is not considered mandatory. The CNIL provided concrete examples for each type of processing operation, including:
Continue Reading

The Centre for Information Policy Leadership at Hunton Andrews Kurth and the Instituto Brasiliense de Direito Público recently had the first of a series of workshops for their joint project on “Brazilian Data Protection Implementation and Effective Regulation.” This blog entry provides details on the workshop and project.
Continue Reading