Don’t use consent for the processing of employee data! Greek DPA issues first fine under GDPR

The Hellenic DPA in Decision no 26/2019 decided that for personal data to be processed in compliance with the GDPR, all the principles outlined in Article 5(1) GDPR should be met. The Decision came to light after the DPA received complaints concerning the processing of PriceWaterhouseCoopers employee data where employees were required to provide their ...

ePrivacy Regulation updates

On 12 July 2019 the consolidated text of the forthcoming ePrivacy Regulation was made available. The document was published in light of the 17 July WP TELE (which will focus on articles 12-16 and related recitals) and covers the entire text of the proposed regulation. Of particular relevance, the definition of direct marketing communications ...

Join me for the Cloud Security Alliance GDPR Certification Lead Auditor Training in Amsterdam

Join me in Amsterdam for the following GDPR Lead Auditor Certification Trainings: 2-3 July 201924-25 September 201918-19 November 2019 (CSA Congress EMEA Berlin)10-11 December 2019 Enterprises around the world are looking for ways to show their compliance to Europe’s General Data Protection Regulation (GDPR). The Cloud Security Alliance (CSA) has developed a Code of Conduct designed to offer both a ...

Does Privacy Shield provide adequate protections?

On May 31st the Supreme Court of Ireland denied Facebook’s appeal to avoid referral of its recent case concerning the international transfer of personal data to the European Court of Justice.  You most likely remember the case brought forth by privacy activist and lawyer Max Schrems which questions whether the methods used by technology companies, and ...

CSA Code of Conduct for GDPR Compliance Course to take place in Amsterdam 2-3 July 2019

Enterprises around the world are looking for ways to show their compliance to Europe’s General Data Protection Regulation (GDPR). The Cloud Security Alliance (CSA) has developed a Code of Conduct designed to offer both a tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider. The purpose ...

Call for global agreement on Data Protection

I think that today is a good day to ask the future Members of the European Parliament and American Presidential Candidates to think about a global dimension of data protection and to commit themselves to develop international legislative instruments that have the power to truly enable world-wide digital citizenship.   Read my Letter addressed to the ...

Personal Data Protection as the New Competitive Edge: Generating Socially Responsible Corporate Behaviour

Last Friday I held my inaugural lecture as Professor of Privacy, Cybersecurity, and IT Contract Law at the Faculty of Law - European Centre for Privacy & Cybersecurity at Maastricht University. During my lecture I introduced the research activities that I would like to further develop at Maastricht University in a multidisciplinary setting that includes ...

The Automated Vehicle Safety Consortium and Fairness by Design

The Ford Motor Company, General Motors, the Toyota Motor Corporation, and SAE International have recently announced the formation of the Automated Vehicle Safety Consortium (AVSC) whose aim is to advance the safe development, testing and deployment of automated vehicles. The AVSC, according to SAE, "will provide a safety framework around which autonomous technology can responsibly evolve in ...

The Legal Aspects of Blockchain Technology: Smart Contracts, Intellectual Property and Data Protection: Part I

This blog series is based on a chapter for the forthcoming book entitled "Essentials of Blockchain Technology".  The chapter was written together with Martim Taborda Barata, LL.M., Senior Associate at ICT Legal Consulting International, and  lawyer registered at the Portuguese Bar Association.  Blockchain is part of the future.  Some consider it a revolutionary technology and others see it ...

The latest ruling of the Court in Rome on the liability regime of hosting providers: cases of liability under Art. 2043 Italian Civil Code and exemptions

On 10 January 2019, the regional Court in Rome (Tribunale di Roma) Section XVII Civil, issued decision no. 693, which addresses the issue of the liability regime of hosting providers with respect to illegal content that was uploaded by users of hosting services – also referring to the ‘active’ or ‘passive’ role of the hosting providers. Internet ...