Don’t use consent for the processing of employee data! Greek DPA issues first fine under GDPR

The Hellenic DPA in Decision no 26/2019 decided that for personal data to be processed in compliance with the GDPR, all the principles outlined in Article 5(1) GDPR should be met. The Decision came to light after the DPA received complaints concerning the processing of PriceWaterhouseCoopers employee data where employees were required to provide their ...

Věra Jourová: SCCs to be modernised

In her intervention at the "The General Data Protection Regulation one year on: Taking stock in the EU and beyond" event held on 13 June 2019, Commissioner Věra Jourová discussed the state of the art of the GDPR, also with the aim of providing input to the next Commission who "will have to start working ...

CSA Code of Conduct for GDPR Compliance Course to take place in Amsterdam 2-3 July 2019

Enterprises around the world are looking for ways to show their compliance to Europe’s General Data Protection Regulation (GDPR). The Cloud Security Alliance (CSA) has developed a Code of Conduct designed to offer both a tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider. The purpose ...

Call for global agreement on Data Protection

I think that today is a good day to ask the future Members of the European Parliament and American Presidential Candidates to think about a global dimension of data protection and to commit themselves to develop international legislative instruments that have the power to truly enable world-wide digital citizenship.   Read my Letter addressed to the ...

The Legal Aspects of Blockchain Technology: Smart Contracts, Intellectual Property and Data Protection: Part I

This blog series is based on a chapter for the forthcoming book entitled "Essentials of Blockchain Technology".  The chapter was written together with Martim Taborda Barata, LL.M., Senior Associate at ICT Legal Consulting International, and  lawyer registered at the Portuguese Bar Association.  Blockchain is part of the future.  Some consider it a revolutionary technology and others see it ...

PERSONAL DATA PROTECTION AND THE USE OF INFORMATION TO FIGHT ONLINE-TERRORIST PROPAGANDA, RECRUITMENT, AND RADICALIZATION: PART III

In this third blog post of my exploration into the matter based on an upcoming publication for CRC Press, part of the Online Terrorist Propaganda, Recruitment, And Radicalization Book Project that I wrote together with Dr. Milda Macenaite, I will specifically explore the legal data protection framework. The primary legal instrument in the EU regulating personal data processing in the law enforcement, i.e., in ...

5th EDPD Plenary Session: EU-Japan draft adequacy decision, DPIA lists, Artile 43 GDPR

The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018.  Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation. ...

4th EDPB Plenary session recap

On 16 November the European Data Protection Authorities gathered for the 4th plenary session of the European Data Protection Board and yesterday, 19 November, a summary of some of the most important aspects discussed at the meeting was published providing an update on the EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. Here are the main ...

EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities

On 26 September 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that ...