GDPR

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs

The Dutch Supervisory Authority (Autoriteit Persoonsgegevens, “AP”) recently communicated a press release stating that it reached out to 30 organizations to request information relating to their data processing agreements (DPAs).  Organizations that have been contacted are companies in the media, energy and trade sectors. The AP has requested, among other things, what agreements organizations have …

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs Read More »

FRANCE: CNIL PUBLISHES GUIDANCE ON DATA SHARING FOR MARKETING PURPOSES

By Denise Lebeau-Marianna and Tiphaine Caulier The French Data Supervisory Authority (the CNIL) released guidance on December 28th 2018 on the principles to be followed when an organization that collects personal data through online or hard copy forms, shares it with business partners or data brokers to send SMS or emails for marketing purposes. To comply …

FRANCE: CNIL PUBLISHES GUIDANCE ON DATA SHARING FOR MARKETING PURPOSES Read More »

The Netherlands: Health sector once again on the radar of DPA

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens,  “Dutch DPA“) previously stated that it shall focus its enforcement actions on the public and health sector, and seems to act upon its words. Just a few months after the Dutch DPA inspected more than 100 hospitals and health insurers on whether they comply with the obligation to …

The Netherlands: Health sector once again on the radar of DPA Read More »

Germany: First court decision on claims for immaterial damages under GDPR

The Local Court (Amtsgericht) Diez (in a final decision dated 7 November 18, case number 8 C 130/18) was the first German court – and as far as we know the first court EU-wide – to decide on a claim for immaterial damages under Art. 82 (1) GDPR. The main question was how to calculate …

Germany: First court decision on claims for immaterial damages under GDPR Read More »

SPAIN: New Data Protection Act in force from 07 December 2018

After more than two weeks from its approval by the Spanish Senate, the Official Gazette of Spain published this morning the new Spanish Data Protection Act, that shall be in force as from Friday 7 December 2018. Coincidentally or not, the publication was made on the very same day of the 40th anniversary of the …

SPAIN: New Data Protection Act in force from 07 December 2018 Read More »

Spanish Senate signs-off new GDPR-compliant Data Protection Act

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018. The new Act (“NLOPD“), in addition to regulating many other topics: …

Spanish Senate signs-off new GDPR-compliant Data Protection Act Read More »

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR

On 8 November 2018, French NGO Internet Society France sent Facebook a formal notice listing seven areas where it has allegedly infringed GDPR. The social network has 4 months to respond. Failing that, the Internet Society France could launch the first class action suit for compensation since the entry into application of GDPR. The French …

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR Read More »

France: the CNIL publishes its data privacy impact assessment (DPIA) guidelines and a list of processing operations subject to a DPIA

A Data Protection Impact Assessment (DPIA) is one of the key accountability tools introduced by Article 35 of the EU General Data Protection Regulation (GDPR) which provides guidance to  data controllers on how to systematically analyze, identify and minimize the data protection risks of a data processing operation planned which is likely to raise a …

France: the CNIL publishes its data privacy impact assessment (DPIA) guidelines and a list of processing operations subject to a DPIA Read More »

Spanish Government approves new Decree-Law on Data Protection matters

Due to the complex balances inside the Spanish Parliament, Spain has been unable to put in place to date (July 2018) a new Data Protection Act that develops the EU Regulation 2016/679 (“GDPR”) in the areas where EU Member States are entitled to fill the gaps or add gold-plating requirements on top of those established …

Spanish Government approves new Decree-Law on Data Protection matters Read More »

FRANCE: Website publisher fined for violation of the cookie requirements

The French Council of State affirmed the EUR 25,000 fine imposed by the CNIL on Editions Croque Futur (challenges.fr) for non-compliance with French data protection law, and in particular cookie requirements. The facts go back to 2014-2015 when the French data protection authority (the CNIL) found out that French company Editions, Croque Futur, publisher of …

FRANCE: Website publisher fined for violation of the cookie requirements Read More »

FRANCE: New data protection law declared constitutional and ready for promulgation

The French Constitutional Council has issued its ruling on June 12 regarding the new data protection law implementing the EU General Data Protection Regulation (GDPR). It’s a PASS! Almost a month after Senators referred the newly adopted data protection law to the Constitutional Council, thus blocking its promulgation on time for the GDPR’s entry into …

FRANCE: New data protection law declared constitutional and ready for promulgation Read More »

FRANCE: New “data security kit” published by the ANSSI

The French national digital security agency (ANSSI) has recently published a “data security kit” on the occasion of the entry into application of the EU General Data Protection Regulation (GDPR) on last May 25. Security of the personal data, to preserve their integrity and confidentiality, is one of the main data protection principles set out …

FRANCE: New “data security kit” published by the ANSSI Read More »

FRANCE: First GDPR complaints lodged with the CNIL

Immediately after the entry into application of the GDPR, the CNIL received several complaints over “forced consent” and unlawful processing. On May 25, the non-profit European Center for Digital Rights (known as nyob for “none or your business”), founded by Max Schrems, filed four, very similar, complaints over “forced consent” against Google (Android), Instagram, WhatsApp …

FRANCE: First GDPR complaints lodged with the CNIL Read More »

FRANCE: The new data protection law under Constitutional review

The newly adopted French data protection law is already challenged by Senators who requested a constitutional review the day after the new law’s adoption. This had been announced: at least 60 Senators have referred the new French data protection law to the French Constitutional Council. Despite the accelerated procedure initiated by the Government in December …

FRANCE: The new data protection law under Constitutional review Read More »