GDPR Compliance News

Fox Rothschild monitors the latest developments in the EU's implementation of its General Data Protection Regulation to keep clients ahead of the compliance curve. See below for the latest updates from Partner Odia Kagan, Chair of GDPR Compliance and International Privacy, which can also be found on our Privacy Compliance & Data Security Blog.

Recent Blog Posts

  • European Data Privacy Regulators Promise to Enforce Data Privacy Despite Pandemic The COVID-19 pandemic has upended global business, but European regulators say it won’t stop them from promoting privacy and data protection, according to the International Association of Privacy Professionals. “What’s clear about the regulators’ enforcement strategies is that they each intend to keep pushing data protection forward, knowing its general importance is only growing as the effects of COVID-19 continue to take shape” Ireland: No particular stance across the board on any type of softening of approach. “We’ll consider any reasonable request... More
  • UK’s ICO Issues Data Privacy Advice for the ‘New Normal’ As lockdown restrictions  ease and businesses begin to reopen, the UK Information Commissioner’s Office (ICO) has set out the key steps organizations need to consider around the use of personal information. The guidance focuses on six principles: Only collect and use what is necessary Keep it to a minimum Be clear, open and honest with staff about their data Treat people fairly Keep people’s information secure Staff must be able to exercise their information rights Details in my client alert.... More
  • EDPB’s Draft Guidelines on Privacy by Design and by Default Data protection by design and by default (DPbDD): The complexity of this GDPR obligation is apparent even from acronym itself. It was my pleasure to try to simplify this concept and break down the steps that European Union data controllers need to take in this piece for OneTrust DataGuidance insights.... More
  • Senate Democrats Introduce a Second Federal COVID-19 Privacy Bill Democratic Senators introduced a second COVID-19 privacy bill. It addresses the collection and processing of data in connection with fighting the COVID-19 pandemic. This Democratic Senate bill shares a number of key points with the recently filed Republican Senate bill, among them: consent required for collection and revocable disclosure at collection information security data minimization (collect only what you need) retention limitation (delete after revocation and after the pandemic). The bill would be enforceable by the Federal Trade Commission and State Attorneys General, but this bill also... More
  • UK ICO Offers Guidance on Back-to-Work Data Privacy Issues The United Kingdom’s Information Commissioner’s Office has issued guidance for employers on the data protection aspects of returning to the workplace: Testing for symptoms? possible, but Thermal cameras? might be possible, but Read my client alert for a detailed analysis.... More
  • Convention 108 and Council of Europe Issue Joint Contact Tracing Statement Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter, Data Protection Commissioner of the Council of Europe, issued a Joint Statement on Digital Contact Tracing. Key principles for digital tracing: transparency data minimization impact assessment de-identification safeguards from automated decision making More details in my client alert.... More
  • COVID-19 Temperature Checks: Guidance From Italy and France Italy’s Garante and France’s CNIL publish updated guidelines on privacy in the workplace as workplaces are opening up for a phased return to normal. Per CNIL: Automatic collection of temperature (e.g. by thermal cameras) is not allowed Taking temperature by means of a manual thermometer (such as for example of infrared type without contact) at the entry of a site, without a trace being kept, nor any other operation is carried out (such as readings of these temperatures, information feedback, etc.), does not... More
  • European Data Protection Supervisor Addresses Role of Data in COVID-19 Fight The European Data Protection Supervisor addressed the coronavirus crisis in a post titled “Carrying the torch in times of darkness.” “The outbreak of Covid-19 is affecting our lives at an unprecedented pace. It is testing the resilience of our societies as we respond to this global crisis and try to contain its consequences, both in the short and in the long run.” “Personal data have and will continue to play an important role in the fight against the pandemic.” “Humanity does not need... More
  • Italy Offers Guidance on COVID-19 Contract Tracing Privacy Italy’s data protection agency, Italian Garante, has offered its opinion on a regulatory proposal for the creation of a COVID-19 tracing app. The proposed contact tracing system does not appear to conflict with the principles of personal data protection in that it: Specifies in sufficient detail the type of data collected, guarantees given to the interested parties and the temporary nature of the measure Is voluntary Is intended for the pursuit of public interest purposes indicated with sufficient certainty and excluding the secondary processing... More
  • EDPB Issues Guidance on the Issue of User Consent The European Data Protection Board issues guidance on consent, in reliance upon the Working Party Article 29 Guidelines on Consent. Key additions/ takeaways. Consent relying on an alternative option offered by a third party fails to comply with the GDPR. A service provider cannot prevent data subjects from accessing a service on the basis that they do not consent. In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to... More