CJEU gave the Judgement in the course of a preliminary ruling on whether Articles 6(1)(c) and 7(f) of the Data Protection Directive (95/46/EC) precluded national law from allowing installation of a CCTV system in the common parts of a residential building, relying on a legitimate interest (Case C-708/18). The overall answer is "No, it … Continue reading CJEU & legitimate interest in scope: what the controller should remember of.
We have spoken a lot about WFH. But what about “return to office”. Here are some tips for a seamless return from a privacy perspective. Firstly – be careful with sensitive data. If you are processing test results , these are health data, and hence they are sensitive data. You need an Article 9 condition. … Continue reading Bring the forces back!
An interesting GDPR enforcement case came from Belgium in late May. Imagine that a data controller is sending unsolicited postal communications and ignoring data subject rights to object (Article 21) and to be forgotten (Article 17). On top of that, it misidentified legal basis and relied on the legitimate interest instead of consent (of course, … Continue reading Belgian data protection watchdog sends controversial ‘message’ with regard to non-profit data controllers.
In scope - a useful hands-on guidance from IAPP authors for privacy pros on what to focus when taking very first steps to internalize PbD principle. It may come as a surprise for us being buried under tons of privacy-related papers that the author suggests to begin with the inner privacy culture and getting C-level … Continue reading ‘Privacy by design’: does all begin with corporate privacy culture?
It was reported on U.S. news today that a U.S. military Predator drone was used last night to collect data during the riot in Minneapolis - St. Paul, USA. The drone flew in circles for what appeared to be a 10 mile radius. The news report said that a large amount of personal data was … Continue reading Data Collection: Minneapolis – St. Paul, USA, Civil Disturbance
Two years on and GDPR is still going strong. However, there’s still so much in front of us. Case law and other regulations like the new ePrivacy Regulation (ePR) whenever it will be approved will bring even more changes. In retrospective, the implementation of GDPR was an eye opener to so much more than the mere … Continue reading A GDPR Retrospective
Here is a link to a January 2020 webinar co - presented with a colleague at the University of Southern California, covering the twin issues of privacy protection and data licensing. Enjoy! https://techtransfercentral.com/marketplace/distance-learning/data-licensing-and-privacy-protection-workshop-for-university-ttos/
Is it more important for a Data Protection Leader to be an expert in data protection law, or to orchestrate behavioural change from top to bottom?I’m still surprised by the number of job ads for data protection leadership roles that focus heavily on the need to have either a legal background, or a deep understanding … Continue reading The sizeable gap
When you have no right to privacy, Data Protection law governs the organisations respect for your information. It should not be Data Utility vs Privacy, but Data Protection and Data Utility. The terms data protection and privacy are often used interchangeably. Recently I have seen a high number of articles about “COVID-19 Symptom tracking Apps” and … Continue reading COVID-19, Data Protection law and Privacy… Or the needs of the many vs the needs of the one.
It is a personal post. Not that it is annivarsary of GDPR so I am very emotional due to that but because to me, GDPR is very personal and I hope you don’t mind. Personal Letter When was the last time you sent a letter? I do not mean letter to tax office, employment agency, … Continue reading GDPR is very Personal