Dutch DPA investigates use of tracking cookies

The Dutch DPA carried out an audit of approximately 175 websites including those of web shops, municipalities, and  the media, in order to ascertain whether they comply with the requirements for the placing of tracking cookies. Almost half of the websites that use tracking cookies do not meet the consent requirements. The DPA found that “Virtually ...

EDPS announces investigation into European Parliament’s 2019 election activities and is taking enforcement actions

On 28 November 2019 the European Data Protection Supervisor announced that "it is carrying out an investigation into the European Parliament’s use of a US-based political campaigning company to process personal data as part of its activities relating to the 2019 EU parliamentary election." In its press release the EDPS stressed that "Election campaigns are ...

Brexit and data protection: What’s next?

On 12 December 2019 in the UK general election, Boris Johnson secured his position as UK Prime Minister, with his Conservative party winning its first substantial majority in decades. The results of the election have set the way for the UK to exit the European Union by its scheduled exit date of 31 January 2020.  The results ...

Italian DPA: Second semester inspection plan focuses on whistleblowing

The Italian Data Protection Supervisory Authority recently published the measure whereby it decided on the audit plan for this six-month period, citing one of the processing activities that could be inspected: “1. For the period from July to December 2019, the auditing activity initiated and carried out by the Data Protection Supervisory Authority, including through the Guardia di ...

5th EDPD Plenary Session: EU-Japan draft adequacy decision, DPIA lists, Artile 43 GDPR

The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018.  Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation. ...

The importance of the Records of processing activities (Art. 30 GDPR)

A number of Supervisory Authorities have already mentioned that their investigations on GDPR compliance will start from the analysis of the Records of processing activities (Art. 30 GDPR). By having accurate and complete Records, organisations will be able to prove that they are taking the GDPR seriously by applying a systematic approach to mapping and ...

100 cross-border cases in the Internal Market Information System (IMI) under investigation: consistency is paramount

After the second plenary meeting of the European Data Protection Board, which took place on 4 and 5 July 2018, a substantial increase in the number of complaints received by Supervisory authorities has emerged.  In fact, at present there are approximately 100 cross-border cases in the Internal Market Information System (IMI) under investigation. The first results ...