The European Data Protection Board recently published Guidelines on the Targeting of Social Media Users, which aim to provide practical guidance on the role and responsibilities of social media providers and those using targeting services.
Continue Reading EDPB Published Guidelines on the Targeting of Social Media Users
DPIA
UK Court of Appeal Finds Automated Facial Recognition Technology Unlawful in Bridges v South Wales Police
On August 11, 2020, the Court of Appeal of England and Wales overturned the High Court’s dismissal of a challenge to South Wales Police’s use of Automated Facial Recognition technology, finding that its use was unlawful and violated human rights.
Continue Reading UK Court of Appeal Finds Automated Facial Recognition Technology Unlawful in Bridges v South Wales Police
New Dubai International Financial Centre Data Protection Law Comes into Effect
On July 1, 2020, the Dubai International Financial Centre Data Protection Law No. 5 of 2020 came into effect, but due to COVID-19, companies have until October 1, 2020 to comply. …
Continue Reading New Dubai International Financial Centre Data Protection Law Comes into Effect
CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing
On April 30, 2020, the French Data Protection Authority published guidance on the extraction of web users’ personal data from online public spaces by web scraping tools and re-use of such data for direct marketing purposes.
Continue Reading CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing
CNIL Publishes Standard on HR Data Processing
On April 15, 2020, the French Data Protection Authority published the final version of its standard concerning the processing of personal data for core Human Resources management purposes.
Continue Reading CNIL Publishes Standard on HR Data Processing
CNIL Publishes Standard on Whistleblowing Hotlines
On December 10, 2019, the French Data Protection Authority published the final version of its standard concerning the processing of personal data in the context of whistleblowing hotlines.
Continue Reading CNIL Publishes Standard on Whistleblowing Hotlines
CNIL Publishes List of Processing Operations Not Subject to DPIA
On October 22, 2019, the French Data Protection Authority (the “CNIL”) published a list of processing operations (in French) that it considers not requiring a data protection impact assessment (“DPIA”). The CNIL had previously adopted and published a final list of processing operations requiring a DPIA on November 6, 2018. The final list includes 12 types of processing operations for which a DPIA is not considered mandatory. The CNIL provided concrete examples for each type of processing operation, including:…
Continue Reading CNIL Publishes List of Processing Operations Not Subject to DPIA
High Court Dismisses Challenge to Police Use of Facial Recognition Technology
On September 4, 2019, the High Court of England and Wales dismissed a challenge against South Wales Police’s use of Automated Facial Recognition technology, determining that the police’s use of AFR had been necessary and proportionate to achieve their statutory obligations.
Continue Reading High Court Dismisses Challenge to Police Use of Facial Recognition Technology