GDPR Compliance News

Fox Rothschild monitors the latest developments in the EU's implementation of its General Data Protection Regulation to keep clients ahead of the compliance curve. See below for the latest updates from Partner Odia Kagan, Chair of GDPR Compliance and International Privacy, which can also be found on our Privacy Compliance & Data Security Blog.

Recent Blog Posts

  • NY State Law Prohibits Ambulances and First Responders From Selling Patient Data
    “New York Gov. Andrew Cuomo recently signed legislation that will effectively prohibit ambulance and first response service providers from disclosing or selling patient data to third parties for marketing purposes. The bill was signed into law on October 7. The new law bans the sale of patient data, or individually identifying information to third parties, outside of sales to health providers, the patient’s insurer, and other parties with appropriate legal authority. Under the law, all information that can be used to identify...
  • Munich Court Ruling Contains Key Takeaways for Consumer Access Requests Under GDPR and CCPA
    A local Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA: The right of access under GDPR is a comprehensive right concerning the stored or processed personal data. It includes all data, such as name or date of birth, as well as any characteristics that can make a person identifiable, e.g., health data, account number, etc. It does not include the business’...
  • Irish Data Protection Commission Clarifies Its Role in Protecting Individuals’ Rights
    The Irish Data Protection Commission (DPC) does not have any power to order an organization to pay compensation to an affected data subject. In the case of administrative fines, any funds collected from these fines go to the state exchequer. In addition to the powers the DPC has to enforce data subjects’ rights, individuals are also open to take private civil actions against organizations where their rights have been infringed – although the DPC does not have any formal...
  • German DPA Coordinating Body Pushes for Higher GDPR Fines
    The DSK, the joint coordination body of the German data protection authorities, has recently set out a new model for calculating EU General Data Protection Regulation fines, which, if adopted and applied, is likely to lead to higher GDPR fines, more frequently at the top end of the maximum fine limits under Article 83. Some German authorities have started applying this new model in practice; for example, the Berlin data protection commissioner has already announced her intention to impose multimillion-euro GDPR...
  • Court of Justice of the EU: Detailed Consent Needed for Cookies
    The Court of Justice of the European Union has issued its Planet 49 decision. Key takeaways: A pre-checked check box is not sufficient consent for the placement of cookies. You need active consent whether or not cookies collect personal data. The fact that a user activates the promotional game participation button is not sufficient to consider that the user has validly given his consent to the placement of cookies. The expression of intention must be specific to the data processing. Cookie disclosure must be clearly understandable...
  • Ecuador Is Latest Country to Consider GDPR-like Privacy Law
    Ecuador is considering a GDPR-like privacy law. “A massive data breach in Ecuador has sparked a new push to pass data protection legislation that would mirror the European Union’s privacy regime. The National Assembly is debating a bill that allows citizens to access, correct, eliminate and oppose the use of their personal data and sets up a new data protection authority to enforce the law and sanction bad actors. President Lenin Moreno sent the bill for debate shortly after...
  • Guidance From Liechtenstein on Joint Controllership Under GDPR
    The Liechtenstein data protection authority has issued guidance on joint controllership under GDPR: Examples of joint controllers: If two companies jointly organize a competition in which the name and address are collected by the participants for the subsequent delivery of the prizes. If a website operator integrates a Facebook “Like” button on his website in order to improve his marketing, both the website operator and Facebook are jointly responsible, even if the website operator has no access to the data collected. If a company...
  • Danish DPA Publishes New Guidelines for Publishing Photos Online Under GDPR
    If you post photos online, and are subject to GDPR, you must: tell the people in the picture about it; let them object; get their consent, sometimes; respect their wishes to remove the photos; be extra careful if kids are in the photos. The Danish Data Protection Authority has released new guidance on the legal basis for posting photos online. Read my detailed analysis....
  • Article: Where GDPR Lacks Specificity, Consider Referring to NIST Publications
    “Whenever there is no clear guidance under the GDPR on how to obtain certain security objectives, it certainly seems wiser and more rational to use existing solutions provided by NIST publications than to wait until more EU guidelines would be available. Later you could further build on what you already have, rather than start from scratch,” writes Piotr Foitzik, Senior Manager, Privacy and Data Protection Office, HCL Technologies. Piotr advocates using NIST standards to comply with your GDPR Art 32 ‘adequate...
  • General Contractor Sharing Consumer Data With Subcontractor on Home Renovation Job OK Under GDPR Says Austrian DPA
    GDPR permits a general contractor to disclose personal information of the client who hired them for a home renovation to subcontractors, for their purpose of carrying out the renovation as well as for the correction of defects within the scope of the warranty. The legal basis for this is that it is necessary for the performance of the contract with the client (Article 6(1)(b) of GDPR), says the Data Protection Authority of Austria. Read the full opinion....