The importance of the Records of processing activities (Art. 30 GDPR)

A number of Supervisory Authorities have already mentioned that their investigations on GDPR compliance will start from the analysis of the Records of processing activities (Art. 30 GDPR). By having accurate and complete Records, organisations will be able to prove that they are taking the GDPR seriously by applying a systematic approach to mapping and ...

100 cross-border cases in the Internal Market Information System (IMI) under investigation: consistency is paramount

After the second plenary meeting of the European Data Protection Board, which took place on 4 and 5 July 2018, a substantial increase in the number of complaints received by Supervisory authorities has emerged.  In fact, at present there are approximately 100 cross-border cases in the Internal Market Information System (IMI) under investigation. The first results ...

Europe and Japan to speak the same privacy language

On 17 July 2018, the EU and Japan announced the conclusion of discussions on reciprocal adequacy of their legal systems, agreeing to create the world's largest area of safe data flows.  You can read the official press release here. The successful conclusion of the EU-Japan data protection-related talks is very good news for everyone. It will ...

The risky practice of buying data

Ever more frequently organisations are buying lists for marketing purposes from data brokers without taking necessary data protection-related precautions. This is an extremely risky practice.  As the Information Commissioner's Office points out in it’s recent “Investigation into the use of data analytics in political campaigns Investigation update” report - (see pages 14-15) - organisations must ...

Cambridge Analytica and the Concept of Fairness by Design

Just a few days ago the ICO published its "Investigation into the use of data analytics in political campaigns Investigation update" report that provides details with respect to the office of Information Commissioner Elizabeth Denham's investigation of the widespread use of data analytics in electoral campaigns.  The report largely focuses on Facebook and Cambridge Analytica as ...

Let’s not forget about Data Protection by Design

One month after the EU's General Data Protection Regulation has become directly applicable in all EU Member States, I would like to take the opportunity to consider the importance of what I deem to be a fundamental pillar of privacy and data protection: Data Protection by Design/Default (“DPbD”). What is data protection ‘by design’ and ‘by default’? ...

A.I. – Artificial Insanity: Reflections on the resilience of human intelligence by Luca Bolognini

My fellow founding Partner at ICT Legal Consulting, Luca Bolognini, recently published a fascinating book that explores the digital world through a visionary lens. The book is entitled "A.I. - Artificial Insanity: Reflections on the resilience of human intelligence" and reflects on the future of artificial intelligence in the era of the Internet of Things and Big Data ...

#PrivacyShield does not provide adequate data protection for EU citizens

On 5 July 2018 MEPs passed a resolution (303 votes to 223, 29 abstentions) to suspend Privacy Shield starting from 1 September 2018 until the United States is in full compliance with the terms of the agreement. Members of the European Parliament in doing so have called upon US authorities to remove companies that misuse personal ...

EU-US Privacy Shield at risk

Earlier this month MEPs from the Civil Liberties Committee brought attention to the necessity of better monitoring Privacy Shield by way of a Motion for a Resolution to wind up the debate on the statement by the Commission pursuant to Rule 123(2) of the Rules of Procedure on the adequacy of the protection afforded by the EU-US ...

Starting from July requests for preliminary rulings involving natural persons will be anonymised

By No tags Permalink 0

In light of the GDPR and the forthcoming law that will be applicable to European Union institutions, on 29 June 2018 the Court of Justice announced that it will anonymise the personal data of natural persons in preliminary ruling requests. The decision reflects principles enshrined in the GDPR such as the right to be forgotten and is warmly welcomed. Read ...