New rules bring protections to personal data in EU political campaigns

(Mar 26, 2019) If you’re political, GDPR fines aren’t the only sanctions you need to worry about. New rules mean European political parties and foundations can be penalized up to 5 percent of their annual budget for “deliberately influencing, or attempting to influence, the outcome of elections by taking advantage of breaches of data protection rules.” On March 19, the European Union adopted new rules to “prevent misuse of personal data by European political parties.” The move comes ahead of the European Parl... Read More

Vienna court allows Schrems to move forward with Facebook civil action

(Mar 26, 2019) The Vienna Higher Regional Court ruled Max Schrems can move forward and take civil action against Facebook, NS Tech reports. The court’s ruling opens the door for complaints made under Article 79 of the EU General Data Protection Regulation to be reviewed not only by data protection authorities, but also by civil court judges. Schrems tried on two previous occasions to have Austrian court judges hear the case in court before Vienna made its decision. “After a good four-and-a-half years, we have ... Read More

ICO delves into its AI auditing framework

(Mar 26, 2019) The U.K. Information Commissioner’s Office offered an overview of the two key components of its auditing framework for artificial intelligence. The first component covers the governance and accountability measures an organization needs to comply with data protection requirements. The agency identifies risk appetite, training and awareness, and data protection by design and default as examples of those measures. The ICO cited eight AI risk areas for its second component, including accuracy, fairn... Read More

Roundup: Australia, Egypt, US and more

(Mar 25, 2019) In this week's Privacy Tracker global legislative roundup, read about Australia’s proposed changes to the Privacy Act that would increase penalties and funding. Egypt approves a draft law proposed by the government to protect personal data that aims to implement articles of the country’s constitution regarding the protection of privacy. In Utah, legislators pass legislation in support of new privacy laws that would protect electronic data stored with third parties from government access. (IAPP m... Read More

CJEU advocate general: Pre-checked cookie boxes do not qualify as valid consent

(Mar 25, 2019) Court of Justice of the European Union Advocate General Maciej Szpunar wrote in a non-binding opinion a website has not gathered valid consent when it requires a user to deselect a pre-checked box, The Register reports. Szpunar’s opinion was in response to a case where an online lottery hosted by Planet49 asked individuals to consent to cookies. The box was filled in, but patrons did not need to agree to cookies in order to participate in the lottery. Szpunar determined it "virtually impossible ... Read More

UK ride-hailing drivers file lawsuit over alleged GDPR violations

(Mar 25, 2019) CNBC reports four U.K.-based Uber drivers have filed a lawsuit against the ride-hailing company for alleged violations of the EU General Data Protection Regulation. The drivers claim they asked Uber for information such as their trip ratings, their individual GPS data and the amount of time they spent logged into Uber’s platform; however, the four state the company never fulfilled any of their data requests. “Our privacy team works hard to provide as much information as we can, including explana... Read More

Global News Roundup — March 18–25, 2019

(Mar 25, 2019) In this week's Privacy Tracker global legislative roundup, read about Australia’s proposed changes to the Privacy Act that would increase penalties and funding. Egypt approves a draft law proposed by the government to protect personal data that aims to implement articles of the country’s constitution regarding the protection of privacy. In Utah, legislators pass legislation in support of new privacy laws that would protect electronic data stored with third parties from government access. LATEST... Read More

Infographic: Data protection and transfers if 'no-deal' Brexit

(Mar 22, 2019) With the U.K. expected to leave the EU imminently, organizations must plan now for data governance within the U.K. and for data transfers into and out of other jurisdictions. To help, the IAPP has created an infographic to assist privacy pros unsure of their obligations to learn more about where to focus efforts and resources in the case of a “no-deal” Brexit. Full Story ... Read More

Recapping the EDPB's GDPR enforcement overview

(Mar 22, 2019) Last month, the European Data Protection Board released its first overview of the implementation and enforcement of the General Data Protection Regulation and the roles and means of the national supervisory authorities. The report indicates that the GDPR cooperation and consistency mechanisms are working quite well in practice due to the EDPB and national supervisory authorities’ ongoing efforts to facilitate collaboration and communication. Graham Blyth, CIPP/US, recaps the EDPB release in this... Read More

Notes from the IAPP Europe Managing Director, 22 March 2019

(Mar 21, 2019) Greetings from Brussels! The European Data Protection Board recently published an opinion on the intersection between the ePrivacy Directive and the GDPR with particular regard to the competencies, tasks and powers of the European data protection authorities. Suffice to say, given the uncertainty around the legislative future of ePrivacy, coupled with its permeating influence, the document is a worthwhile read for those of you — and you are many — involved in electronic communications and EU pe... Read More