New ePrivacy template for preparing a Data Protection Impact Assessment (DPIA)
ePrivacy has recently published a first template for the preparation of a Data Protection Impact Assessment (DPIA), bringing light and structure to this topic: What
Direct mail marketing under the GDPR – how to deal with opt-outs
In a judgement of 25 February, the Stuttgart Regional Court examined a number of relevant questions concerning direct mail marketing. Among other things,
Federated Learning– New Opportunities for data protection compliance
Federated machine learning is a rather new approach of machine learning where an algorithm is trained on local nodes or devices. The
Protect your company’s valuable information assets! Establishment and auditing of ISMS and PIMS
Establishment of an Information Security Management System (ISMS)Particularly in digital companies, information is the basis of any business activity and is therefore
Fine due to conflict of interest of the internal DPO
Company: Bank (name not known)Possible data protection breach: conflict of interest of the internal DPO.Authority: APD (Belgian Data Protection Authority)Amount of fine: 75.000 Euro The Belgian
Fine for lack of explicit consent to profiling for commercial purposes
Company: CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U.Possible data protection breach: lack of explicit and informed consent to profile users for commercial purposes.Authority: AEPD (Agencia
The new “UK Standard Contractual Clauses”
On the 4th of June 2021 the European Commission has published a new set of Standard Contractual Clauses (“SCCs”) (see our article
The supervisory authority of Baden-Württemberg published guidelines on cookies and tracking usage
On Friday, the supervisory authority of Baden-Württemberg published a “FAQ on cookies and tracking” on its website. It is based on the
“Transfer Impact Assessment” (TIA) – New transfer mechanism to ensure adequate level of data protection in third country
On 16 July 2020, the ECJ declared the EU’s GDPR adequacy decision for the United States (the “EU-US Privacy Shield”) invalid –
CNIL: Can processors use their controllers’ data for their own purposes?
Addressing cloud service providers’ increased interest in processing their controllers’ data for their own purposes – such as for product improvements or