FTC Fines Google $170 Million USD for having violated the privacy of children on YouTube

The American Federal Trade Commission and the New York Attorney General reached a settlement with Google (YouTube) for having violated the American Federal Children's Online Privacy Protection Act (COPPA). YouTube was accused of illegally harvesting the data of children, tracking their browsing behaviour in order to offer them targeted advertising,, all without the consent ...

The importance of Data Protection in research

The Swedish Data Protection Authority recently launched an investigation into Umeå University's handling of sensitive personal data, specifically data obtained from the Danish Police Authority for research purposes. The Swedish Police Authority to the Data Inspectorate has alleged that the university sent the sensitive data in its possession via unencrypted email. Data protection in ...

Social plug-ins and joint controllership

The European Court of Justice in Case C-210/16, also known as the Fashion ID case, concerns the joint controllership relationship between Facebook and website operators that embed the Facebook “Like” button on their site.  Fashion ID GmbH & Co. KG, an online fashion retailer had the Like button on its website.  In order to better understand the ...

Don’t use consent for the processing of employee data! Greek DPA issues first fine under GDPR

The Hellenic DPA in Decision no 26/2019 decided that for personal data to be processed in compliance with the GDPR, all the principles outlined in Article 5(1) GDPR should be met. The Decision came to light after the DPA received complaints concerning the processing of PriceWaterhouseCoopers employee data where employees were required to provide their ...

ePrivacy Regulation updates

On 12 July 2019 the consolidated text of the forthcoming ePrivacy Regulation was made available. The document was published in light of the 17 July WP TELE (which will focus on articles 12-16 and related recitals) and covers the entire text of the proposed regulation. Of particular relevance, the definition of direct marketing communications ...

Join me for the Cloud Security Alliance GDPR Certification Lead Auditor Training in Amsterdam

Join me in Amsterdam for the following GDPR Lead Auditor Certification Trainings: 2-3 July 201924-25 September 201918-19 November 2019 (CSA Congress EMEA Berlin)10-11 December 2019 Enterprises around the world are looking for ways to show their compliance to Europe’s General Data Protection Regulation (GDPR). The Cloud Security Alliance (CSA) has developed a Code of Conduct designed to offer both a ...

Does Privacy Shield provide adequate protections?

On May 31st the Supreme Court of Ireland denied Facebook’s appeal to avoid referral of its recent case concerning the international transfer of personal data to the European Court of Justice.  You most likely remember the case brought forth by privacy activist and lawyer Max Schrems which questions whether the methods used by technology companies, and ...

CSA Code of Conduct for GDPR Compliance Course to take place in Amsterdam 2-3 July 2019

Enterprises around the world are looking for ways to show their compliance to Europe’s General Data Protection Regulation (GDPR). The Cloud Security Alliance (CSA) has developed a Code of Conduct designed to offer both a tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider. The purpose ...

Call for global agreement on Data Protection

I think that today is a good day to ask the future Members of the European Parliament and American Presidential Candidates to think about a global dimension of data protection and to commit themselves to develop international legislative instruments that have the power to truly enable world-wide digital citizenship.   Read my Letter addressed to the ...

Personal Data Protection as the New Competitive Edge: Generating Socially Responsible Corporate Behaviour

Last Friday I held my inaugural lecture as Professor of Privacy, Cybersecurity, and IT Contract Law at the Faculty of Law - European Centre for Privacy & Cybersecurity at Maastricht University. During my lecture I introduced the research activities that I would like to further develop at Maastricht University in a multidisciplinary setting that includes ...