The Netherlands: DPA imposes EUR 830,00 fine for access request fees

On the 6th of July 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA“) published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR). BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. Companies like financial institutions …

The Netherlands: DPA imposes EUR 830,00 fine for access request fees Read More »

New Zealand: Significant changes to NZ’s Privacy Act – but where is the bite?

By: Nick Valentine, Laura Scampion, Rachel Taylor After a lengthy process (dating as far back as 1998, depending on how you measure it) the Privacy Bill, which amends the Privacy Act 1993, has finally made its way through Parliament, receiving Royal Assent on 30 June 2020. The amendments, which come into effect on 1 December 2020, …

New Zealand: Significant changes to NZ’s Privacy Act – but where is the bite? Read More »

UK: New COVID-19 rules for the hospitality industry on collecting visitor contact information : Data protection considerations

Andrew Dyson, Alexa Smith The hospitality industry has been hard hit by COVID-19. Measures introduced this week by the UK government to ease restrictions for the sector come with a condition – if you open a pub, restaurant or other hospitality venue for business you must keep a record of patrons who visit and be …

UK: New COVID-19 rules for the hospitality industry on collecting visitor contact information : Data protection considerations Read More »

Germany: Federal Court summary judgment: FCO achieves stage victory against Facebook

In the eagerly awaited decision in the proceedings against Facebook for abuse of a dominant position (KVR 69/19 – decision of 23 June 2020), the German Federal Court of Justice (“FCJ”) provisionally confirmed the decision of the German Federal Cartel Office (“FCO”). According to the FCJ, there were no serious doubts that Facebook was abusing …

Germany: Federal Court summary judgment: FCO achieves stage victory against Facebook Read More »

France: Google LLC loses appeal against French Data Protection Authority decision before France highest administrative court

Denise Lebeau-Marianna, Partner & Alexandre Balducci, Associate – DLA Piper France LLP Further to two complaints filed by non-governmental organisations None Of Your Business (NOYB) and La Quadrature du Net (LQDN), the French data protection supervisory authority (CNIL) restricted committee imposed on January 21, 2019 a EUR 50 million administrative fine against Google LLC for …

France: Google LLC loses appeal against French Data Protection Authority decision before France highest administrative court Read More »

US: The CCPA ‘Moving Target’ One Month Before Privacy Enforcement Begins

By Jim Halpert With the California Consumer Privacy Act (CCPA) enforcement deadline only a month away, Chief Privacy Officers still must grapple with significant uncertainties about what exactly the law requires. First, the final regulations issued by  the California Office of the Attorney General were just released to the public on June 2, with a …

US: The CCPA ‘Moving Target’ One Month Before Privacy Enforcement Begins Read More »

US: California AG posts final proposed CCPA Regulations and offers insights ahead of July 1 enforcement deadline

By Kate Lucente, Jim Halpert, Lael Bellamy   The California Attorney General has posted the final proposed CCPA Regulations, which were submitted to the California Office of Administrative Law (OAL) on June 1, 2020. The final proposed regulations are virtually unchanged from the prior version, posted on March 11. (You can review our analysis of the prior …

US: California AG posts final proposed CCPA Regulations and offers insights ahead of July 1 enforcement deadline Read More »

Belgium: Belgian Data Protection Authority issued 59 sanctions past 12 months

By Frederik Ringoot The Belgian Data Protection Authority (BDPA) used the GDPR second anniversary as a milestone to issue a news alert with statistics on the actions it has taken since May 2019 (figures from 25/05/2019 to 20/05/2020). Some statistics: Topic Statistics Reported data breaches 937 Information requests 4,438 Complaints (incl. mediation requests) 351 Requests …

Belgium: Belgian Data Protection Authority issued 59 sanctions past 12 months Read More »

UAE Dubai: DIFC Data Protection Law 2020

Dubai’s International Financial Centre, the world class financial hub and free zone established in 2004, has an updated data protection law (“Updated Law”).  The Updated Law builds upon the DIFC’s 2007 data protection law (“Old Data Protection Law”) and now includes concepts from the EU’s GDPR, as well as other laws from around the world, …

UAE Dubai: DIFC Data Protection Law 2020 Read More »

China: (More) Important Developments in China’s Privacy and Cyber Laws

China’s privacy and cyber authorities have been busy in the last month enacting substantial enhancements and clarifications to data protection compliance obligations; and even more changes are expected before the end of 2020. Key highlights – and the key steps for local and international organisation to take – are as follows: 1.  New national level …

China: (More) Important Developments in China’s Privacy and Cyber Laws Read More »

Europe: One-Stop-Shop cooperation becoming more transparent

By Enrique Gallego Capdevila and Eline Dekyvere On the week of the two-year anniversary of the General Data Protection Regulation (GDPR), the European Data Protection Board (EDPB) announced that a register containing decisions taken by Supervisory Authorities (SAs) following the One-Stop-Shop (OSS) cooperation procedure will be made publicly available on its website. This is an …

Europe: One-Stop-Shop cooperation becoming more transparent Read More »

UK: The return from home working presents its own cyber security risk – what is it and what should you be doing?

David Cook, John Gollaglee Companies across the world have been forced to change business practices in lots of different ways in order to meet the needs of a workforce who are prevented from going to the traditional office environment. This has given rise to a cyber security risk and there has been an inevitable vulnerability …

UK: The return from home working presents its own cyber security risk – what is it and what should you be doing? Read More »

Germany: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

The Federal Court of Justice (“BGH”) has submitted to the Court of Justice of the European Union (“CJEU”) the question whether consumer protection associations or competitors are authorised to initiate a civil action in case of infringements of the General Data Protection Regulation (GDPR) (BGH, decision of 28 May 2020, Ref. I ZR 186/17). In …

Germany: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU Read More »

Germany: Federal Court rules on obligation to obtain cookie consent

The long-awaited decision of the German Federal Court (BGH) on the question of whether cookies require consent in Germany has been made: The court (case no. I ZR 7/16) affirms the obligation to consent and thus obliges website operators to ask users for their permission before cookies are stored or read on their end devices. …

Germany: Federal Court rules on obligation to obtain cookie consent Read More »

Finland: Data Protection Authority sends GDPR anniversary greetings issuing its first fines

 THREE ADMINISTRATIVE FINES ISSUED IN FINLAND by Aleksi Nieminen  Just as the second anniversary of the GDPR was looming close, the Data Protection Ombudsman’s collegial body, responsible for determining administrative fines in Finland, issued administrative fines against three Finnish companies for their infringements of data protection laws. The infringements concerned inadequate informing of data subjects, …

Finland: Data Protection Authority sends GDPR anniversary greetings issuing its first fines Read More »

Singapore: Important changes proposed to Singapore’s Personal Data Protection Act

Organisations should plan ahead for significant changes to Singapore’s Personal Data Protection Act (“PDPA”), proposed in a consultation paper published on 14 May 2020. It is likely that most of the amendments set out in the draft Personal Data Protection (Amendment) Bill 2020 (“Bill”) will be passed, since the PDPC has previously carried out three …

Singapore: Important changes proposed to Singapore’s Personal Data Protection Act Read More »

The Netherlands: DPA changes position – taking temperature might not be subject to GDPR

Since the COVID-19 outbreak, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) had made it clear, on several occasions, that taking temperature tests (or otherwise processing health data) as a precautionary measure in light of COVID-19 is a strict “no go”. The position of the Dutch DPA was that most individuals, in particular employees …

The Netherlands: DPA changes position – taking temperature might not be subject to GDPR Read More »

UK: ICO issues new guidance on COVID-19 testing and monitoring in the workplace

The Information Commissioner’s Office (“ICO”) has published guidance for employers on complying with data protection law when taking steps to manage Covid-19 health and safety risk in the workplace  (“Guidance”). The Guidance focuses on ‘testing’ of employees (which includes collecting data about symptoms and the conducting of temperature checks, and well as collecting data about Covid-19 …

UK: ICO issues new guidance on COVID-19 testing and monitoring in the workplace Read More »