TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: EU-US data privacy framework, China’s outbound data rules, international transfer risk assessment, Australian small business to adopt data protection The EDPB sees improvements under the EU-US Data Privacy Framework, but many more concerns remain. The improvements include the introduction of requirements embodying […]
Tag: GDPR
Hardware identifiers: Is an IMEI number personal data?
Elements of personal data With the introduction of the GDPR in 2018, data protection has become a popular topic both from a legal and technical perspective. The importance of efforts around privacy and data protection is personal data and its protection. Under the EU GDPR, there are key elements in the definition of personal data. […]
Consent Management Platforms’ misleading cookie banner designs: how to recognize and avoid dark patterns
It does not take much convincing for someone to accept freshly baked cookies, when offered to them. However, on the internet, organizations and website owners have had to work harder to balance compliance and optimize cookie consent rates, which ultimately serves to benefit them and their revenue. This is especially true after the GDPR came […]
EU-US data transfers: US Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities and the impact on organizational GDPR compliance.
It is no longer news that EU-US data transfers have become increasingly challenging given the invalidation of the EU-US Privacy Shield Framework in 2020. Since then, companies have had to rely on standard contractual clauses and in other cases, data subjects have had to give consent for such transfers to happen knowing the risk of […]
Data protection & privacy digest 1 – 15 December 2022: draft US adequacy decision, Microsoft ‘data boundary’ for the EU, Age-appropriate design code
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: draft US adequacy decision, EDPB’s binding decisions, draft AI Act The EU issued a draft adequacy decision for the United States, saying US safeguards against America’s intelligence activities were strong enough to address EU concerns on data transfers. Previously, personal data could […]
Data protection & privacy digest 9 – 30 November 2022: Microsoft 365 non-compliance, Meta “data scraping” fine, Amazon Prime class action
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: Microsoft Office 365 cloud services, privacy complaints, lead supervisory authority, NIS2 Directive, Australia data breach penalties The German Data Protection Conference negatively assessed the data processing agreements for Microsoft 365 cloud services, regarding the requirements of Art. 28 of the GDPR. The […]
Data protection & privacy digest 13 – 26 September 2022: Google Analytics clash, caller identification, commercial practices & GDPR
TechGDPR’s review of international data-related stories from press and analytical reports. Official guidance: Google Analytics, DP assessment tool, work monitoring, privacy policy check-list, Machine Learning, APIs The Danish data protection authority, following several other European counterparts’ decisions, concludes that the Google Analytics tool cannot be used legally without implementing several additional measures, (eg, effective pseudonymization […]
GDPR Training Modes for Technology Teams
Though there are a wide range of training options, all of which will help guide GDPR compliance efforts, there are key differences between the different training methods which must be taken into account.
Privacy by Design for Technology Development Teams
The principle of Privacy by Design builds privacy into the heart of data processing operations and systems, while Privacy by Default ensures that the data subject’s rights are protected as a matter of standard operations. These concepts were created long before the GDPR came into fruition, but under the GDPR became important requirements.
Weekly digest 25 July – 1 August 2022: UK publishes new data protection draft bill and updates BCRs
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: UK new data protection draft bill, Irish DPC expansion, rules to prevent child abuse online A new UK Data Protection and Digital Information Bill was published on a parliamentary website. This document is intended to update and simplify the UK’s data protection […]