Almost exactly a year after publishing its draft version, the EDPB has adopted its final guidelines on Article 3 of the GDPR and the extra-territorial scope of the legislation. The adopted guidelines don’t differ substantially from the consultation draft but include a number of clarifications and new examples. Some of the key takeaways are: Article … Read more
The Information Commissioner’s Office in the UK (ICO) has announced an investigation into the use of facial recognition technology following a string of high profile uses. Prior to the results of this investigation, companies using facial recognition technology should: undertake a balancing test to ensure proportionality in the use of such technology, acknowledging its intrusiveness; … Read more
The Court of Justice of the European Union has confirmed in the Planet49 case that a pre-ticked checkbox does not constitute valid consent for ePrivacy purposes. Read more
In our latest report, we informed you about new developments regarding imposed sanctions by Data Protection Authorities (“DPA”) in Germany and Austria and about a model for calculating fines imposed under the General Data Protection Regulation (“GDPR”) proposed by the Conference of the German “Independent Data Protection Supervisory Authorities of the Federal Government and the … Read more
The Privacy and Data Protection Journal has published an article by Duc Tran (Senior Associate) and Laura Adde (Associate) of our Digital TMT, Sourcing & Data and Cyber Security teams. The article examines the concept of “joint controllership” in light of recent case law and existing legislative guidance. Please click here to access the full … Read more
In this update, we provide you with a brief summary of two recent developments in relation to sanctions imposed under the General Data Protection Regulation (“GDPR”). Firstly, the Berlin Data Protection Authority (“Berlin DPA”) recently announced its willingness to impose multimillion-euro fines for breaches of the GDPR. This shows that also in Germany significant fines … Read more
A recent test DSAR has demonstrated companies’ differing approaches to DSAR compliance Despite the DSAR being made by a third party on behalf of the data subject, it is clear companies are uncertain regarding when or how they should ask for ID verification ICO guidance urges data controllers to be satisfied that any third party … Read more
Cyber-attacks are a continuous threat to both businesses and charities. From the Cyber Security Breaches Survey 2019 (available here as a PDF), we can see that fewer businesses are identifying breaches than in previous years, but the ones that are identifying breaches are typically experiencing more of them. Approximately 32% of businesses and 22% of … Read more
A recent post on the ICO’s AI Auditing Framework blog explores human bias and discrimination in AI systems, together with some of the technical and organisational measures which can be implemented to mitigate the legal risks associated with these issues. Read more