France: FIRST SANCTION OF AN ONLINE SHOES COMPANY BY CNIL ACTING AS A LEAD AUTHORITY FOR SEVERAL INFRINGEMENTS TO GDPR REQUIREMENTS

On 12 August 2020
CNIL, Data Protection, Data Security, France, GDPR, sanctions

On 28 July 2020, the French Supervisory Authority (the “CNIL”) sanctioned the online shoes retail company, SPARTOO SAS, by a €250,000 fine and an injunction to comply with GDPR within 3 months under penalty for various non-compliances with the GDPR of the personal data processing related to clients, prospects and employees[1]. I. Factual background and […]

On 7 August 2020
Data Protection

Thailand’s Personal Data Protection Act (“PDPA“) is in the process of being updated, and full implementation and compliance are expected by 1 June 2021. This comes by way of the Notification of the Ministry of Digital Economy and Society Re: Personal Data Security Standards B.E. 2563 (2020) (“Notification“) which was recently released by the Thai […]

On 3 August 2020
personal information

The Japanese Diet has recently approved a bill to amend the APPI. This is expected to result in a strengthening of rights for data subjects while making data breach notifications mandatory and increasing penalties for noncompliance. Is your business ready for these upcoming changes? Overview of the Amendment On 5 June 2020, the Japanese […]

On 29 July 2020

Until recently, most decisions of the Belgian Data Protection Authority (Belgian DPA) concerned national companies or individuals. However, on 14 July 2020, the Belgian DPA imposed a fine of EUR600,000 on Google Belgium SA/NV (Google Belgium) for not respecting a Belgian resident’s right to be forgotten. This is the highest fine ever imposed by the […]

On 27 July 2020

On 23 July, the European Data Protection Board issued a set of Frequently Asked Questions with regard to the Schrems II decision of the Court of Justice of the European Union. More information on the Schrems II decision can be found in our Privacy Matters blogpost of 16 July 2020. The main takeaways from these […]

On 22 July 2020

As the world moves into the next phase of the fight against Covid-19, governments are loosening lockdown measures and assessing strategies intended to contain new spikes and control the rate of infection. Contact tracing has been touted as a potential game-changer, with several countries around the world releasing apps that alert those who have come […]

On 21 July 2020
Personal Data

Summary The Irish Court of Appeal has clarified the scope of the definition of personal data – noting that, while the definition is deliberately very broad, it does not facilitate access by an individual to reports stemming from a complaint for the sole reason that the complaint was made by that individual. On 1 July […]

On 16 July 2020

Today, the EU’s highest court, the Court of Justice of the European Union (CJEU), handed down its judgment on the long-awaited case Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18, commonly referred to as “Schrems II”). In one of the most anticipated judgments of the year, the CJEU declared the EU-U.S. Privacy Shield […]

Page 1 of 5612 3 ›»

About this site

Categories

Key publications

Thailand: Personal Data Protection Act (PDPA) Amendments on the way: What does this mean for your company?

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

Belgium: Belgian DPA imposes a EUR600,000 fine, its highest fine ever, on Google Belgium for non-compliance with right to be forgotten

Europe: EDPB issues FAQs on Schrems II – No Grace Period for Privacy Shield Transfers; Case-by-Case Assessments Required to Continue with SCCs

Webcast – Covid-19: Contact Tracing, Data Privacy and Public Trust

Ireland: Irish Court of Appeal Clarifies Boundaries of Concept of Personal Data

EUROPEAN COURT DECISION – EU-US PRIVACY SHIELD DECLARED INVALID; STANDARD CONTRACTUAL CLAUSES REMAIN VALID SUBJECT TO CONDITIONS