Privacy Matters

DLA Piper's Global Privacy and Data Protection Resource

Data Protection

The CNIL’s key priorities for upcoming dawn-raids in 2021

2 April 2021 / , , , , , ,

Every year, the French supervisory authority (the “CNIL”) publishes its key priorities for upcoming dawn-raids. In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) websites cybersecurity, (ii) health data protection and (ii) cookies. 1. Websites cybersecurity Website security incidents are among the most common non-compliances identified by the CNIL during its …

The CNIL’s key priorities for upcoming dawn-raids in 2021 Read More »

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

25 March 2021 / , , ,

Authors: Carolyn Bigg, Venus Cheung Operators of e-commerce platforms, websites and apps in China, and those using third party e-commerce, social media or livestreaming platforms to sell their products and services in China, must update their operations, services and systems in advance of wide-ranging new rules. The Measures for the Supervision and Administration of Online …

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced Read More »

US: Virginia passes comprehensive consumer data protection law

18 March 2021 / ,

Author: Jim Halpert Virginia’s Governor signed the Virginia Consumer Data Protection Act (“VCDPA”) into law on March 2, 2021.  The VCDPA takes effect January 1, 2023 and is a broad, multi-rights privacy law that, in some ways, resembles the CCPA, GDPR, and other recently proposed state privacy legislation.  A study committee will review the VCDPA …

US: Virginia passes comprehensive consumer data protection law Read More »

France: New guidance for data retention

12 October 2020 / , , , , , ,

By Denise Lebeau-Marianna – Partner and  Yaël Hirsch – Senior Associate The French Supervisory Authority (the “CNIL”) has issued new updated guidelines on data retention during the month of July (the “CNIL’s Guidelines”)[1]. They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data[2]. …

France: New guidance for data retention Read More »

France: First sanction of an online shoes company by CNIL acting as a lead authority for several infringements to GDPR requirements

12 October 2020 / , , , , ,

On 28 July 2020, the French Supervisory Authority (the “CNIL”) sanctioned the online shoes retail company, SPARTOO SAS, by a €250,000 fine and an injunction to comply with GDPR within 3 months under penalty for various non-compliances with the GDPR of the personal data processing related to clients, prospects and employees[1]. I. Factual background and …

France: First sanction of an online shoes company by CNIL acting as a lead authority for several infringements to GDPR requirements Read More »

Thailand: Personal Data Protection Act (PDPA) Amendments on the way: What does this mean for your company?

10 August 2020 /

Thailand’s Personal Data Protection Act (“PDPA“) is in the process of being updated, and full implementation and compliance are expected by 1 June 2021. This comes by way of the Notification of the Ministry of Digital Economy and Society Re: Personal Data Security Standards B.E. 2563 (2020) (“Notification“) which was recently released by the Thai …

Thailand: Personal Data Protection Act (PDPA) Amendments on the way: What does this mean for your company? Read More »

Europe: New privacy rules for connected vehicles in Europe?

12 October 2020 /

By Anne-Gabrielle Haie Vehicles, drivers and passengers are becoming more and more connected, generating increasing amounts of data. The latest evolution of digital technologies, such as robotics, Internet of Things, Artificial Intelligence, high-performance computers and powerful communication networks leads self-driving cars out of an imaginary world and into our daily lives. While these technologies are …

Europe: New privacy rules for connected vehicles in Europe? Read More »

Global: International Data Protection Day!

12 October 2020 / , , ,

International Data Protection Day, which falls annually on January 28, is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust”. We would like to take this opportunity to share a number of data protection resources developed by our global Data Protection, Privacy and Security team to assist …

Global: International Data Protection Day! Read More »

UK: UK Controllers – have you paid the ICO’s data protection fee?

11 December 2019 / ,

The ICO is taking active enforcement against organisations who are not properly registered to pay the UK data protection fee. In our earlier blog post on the UK’s New Data Protection Fee, we explained that the UK was implementing regulations (which are unique in Europe) to require payment of a registration fee to the Information …

UK: UK Controllers – have you paid the ICO’s data protection fee? Read More »

Europe: ‘Right to be forgotten’, but only in Europe?

27 September 2019 / , , ,

In its landmark decision of the 24th of September (C-507/17), the EU Court of Justice in Luxembourg has sided with Google over a claim by the French supervisory authority regarding the application of the so-called ‘right to be forgotten’. This right refers to the ability for individuals in Europe to demand that search engines, such …

Europe: ‘Right to be forgotten’, but only in Europe? Read More »

EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing

16 August 2019 / , , , , ,

Since the European Commission unveiled a proposal for an e-Privacy Regulation in January 2017, this new piece of legislation, aiming to adapt rules on electronic communications and cookies, has undergone many iterations. The European Parliament has left its version untouched since October 2017, and in the meantime the Council of the EU has regularly published …

EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing Read More »

Belgium: DPA updating its Recommendation on Direct Marketing – Provide your input before 31 July 2019!

20 June 2019 / , , ,

Updated official guidance on direct marketing appears to be on the horizon: the Belgian Data Protection Authority has launched a public consultation on direct marketing, with a view to updating its Recommendation No. 02/2013 of 30 January 2013 on direct marketing. In its 2013 Recommendation, available in Dutch and French, the Belgian DPA covered several …

Belgium: DPA updating its Recommendation on Direct Marketing – Provide your input before 31 July 2019! Read More »

Belgium: Newly appointed Belgian Data Protection Commissioner declares “I will not hesitate to issue fines to those not playing by the rules”

24 April 2019 / , ,

by Patrick Van Eecke & Gilles Hachez A little less than a month ago, the Belgian House of Representatives appointed the new commissioner and directors of the Belgian Data Protection Authority (DPA), as we explained in our blogpost here. Today, little less than eleven months after the establishment of the DPA, the new commissioner, Mr …

Belgium: Newly appointed Belgian Data Protection Commissioner declares “I will not hesitate to issue fines to those not playing by the rules” Read More »

EU: EDPB provides more clarity on the legal basis for processing data in clinical trials

19 February 2019 / , ,

By Ilias Abassi Since the implementation of the GDPR, there has been much discussion with respect to the appropriate legal basis for the processing of personal data in the context of a clinical trial, in particular how this relates to the Clinical Trials Regulation (CTR) which is expected to enter into force in 2020. There …

EU: EDPB provides more clarity on the legal basis for processing data in clinical trials Read More »

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

24 January 2019 / , , ,

By Denise Lebeau-Marianna and Yaël Hirsch On 12 December 2018, the French Government issued an ordinance[1] finalizing, at the legislative level[2], the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation[3] (“GDPR”) and the Directive 2016/680[4]. Following-up the adoption of the GDPR, the French Law No. 2018-493 related to personal data protection[5] …

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW Read More »

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs

20 January 2019 / , , , ,

The Dutch Supervisory Authority (Autoriteit Persoonsgegevens, “AP”) recently communicated a press release stating that it reached out to 30 organizations to request information relating to their data processing agreements (DPAs).  Organizations that have been contacted are companies in the media, energy and trade sectors. The AP has requested, among other things, what agreements organizations have …

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs Read More »

Spanish Senate signs-off new GDPR-compliant Data Protection Act

26 November 2018 / , , ,

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018. The new Act (“NLOPD“), in addition to regulating many other topics: …

Spanish Senate signs-off new GDPR-compliant Data Protection Act Read More »

Spanish Government approves new Decree-Law on Data Protection matters

30 July 2018 / , , ,

Due to the complex balances inside the Spanish Parliament, Spain has been unable to put in place to date (July 2018) a new Data Protection Act that develops the EU Regulation 2016/679 (“GDPR”) in the areas where EU Member States are entitled to fill the gaps or add gold-plating requirements on top of those established …

Spanish Government approves new Decree-Law on Data Protection matters Read More »

CHINA: Data and cyber – New guidelines you need to know

29 June 2018 / , ,

In the last two weeks the Chinese authorities have been busy providing much-anticipated guidance on the practical steps organisations must take to comply with the new data protection, cybersecurity and technology regulations. In short, the key developments are: Practical implementation guidance under PRC Cybersecurity Law Draft Guidelines on Multi Level Protection Scheme (MLPS) for information …

CHINA: Data and cyber – New guidelines you need to know Read More »

Linkedin-in
Twitter
Facebook-f
Instagram
Youtube
Weixin
© 2021 DLA Piper. DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper’s structure, please refer to the Legal Notices page. All rights reserved. Attorney advertising.​