On September 24, 2019, the Court of Justice of the European Union released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data.
Continue Reading
Personal Data
Dutch DPA Releases Complaints Report for First Half of 2019
Posted on
Posted in European Union, International
On September 9, 2019, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) published a report on the privacy complaints it received between January 2019 and June 2019 (the “Report”).
…
Continue Reading
Majority of CCPA Amendment Bills Passed by California Legislature
Posted on
California marked the end of the 2019 legislative session this past Friday, September 13, by passing five out of six pending bills to amend the California Consumer Privacy Act of 2018. This blog entry provides a summary on the bills.…
Continue Reading
Cayman Islands Data Protection Law Goes into Force This Month
Posted on
Posted in International
The Cayman Islands Data Protection Law, 2017, which was published in June 2017, will go into force on September 30, 2019. The DPL includes requirements for the protection of personal data and is centered upon eight data protection principles.…
Continue Reading
Swedish Data Protection Authority Issues First Fine Under GDPR
Posted on
On August 21, 2019, the Swedish Data Protection Authority imposed its first fine since the EU General Data Protection Regulation came into effect, fining a school 200,000 Swedish Kroner for creating a facial recognition program in violation of the GDPR.…
Continue Reading
New French Data Protection Act and Implementing Decree Take Force
Posted on
Posted in European Union, International
On June 1, 2019, New Decree No. 2019-536 took force, enabling the French Data Protection Act, as amended by an Ordinance of December 12, 2018, likewise to enter into force. This blog entry provides an overview of the developments. …
Continue Reading
CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
Posted on
On June 6, 2019, the CNIL announced that it levied a fine of 400,000 Euros on SERGIC, a French real estate service provider. This blog entry provides an overview of the case. …
Continue Reading
Thailand’s First Personal Data Protection Law Enters into Effect
Posted on
Posted in Information Security, International
On May 27, 2019, Thailand’s Personal Data Protection Act B.E. 2562 (A.D. 2019) was finally published in the Government Gazette, and thus became effective on May 28, 2019. …
Continue Reading
Age Appropriate Design: ICO Issues Draft Code of Practice for Online Services Used by Children
Posted on
On April 15, 2019, the UK Information Commissioner’s Office issued for public consultation a draft code of practice that, once in effect, will regulate the provision of online services likely to be accessed by children in the UK. This blog entry provides an overview of the draft code. …
Continue Reading
FTC Settles with Two Online Operators for Failing to Secure Customers’ Data
Posted on
On April 24, 2019, the Federal Trade Commission announced two data security cases involving online operators that were alleged to have failed to take reasonable steps to secure consumers’ data, which allowed hackers to breach both websites.…
Continue Reading