Following a lengthy consultation process, the Information Commissioner’s Office has this month published the draft Age Appropriate Design Code (the Code). The Code, which is designed to be read alongside the existing provisions of the GDPR, and the Data Protection Act 2018, is intended to bolster the standards online services should meet to protect children’s […]
Read moreReaders of these posts will be familiar with the ban, under Chapter V of GDPR, on exporting personal data outside the EEA except to approved third countries, or where other safeguards are put in place. One of those safeguards is a set of European Commission approved contract clauses that can be put in place between […]
Read moreGerman property company Deutsche Wohnen SE has been fined €14.4 Million for breaches of GDPR by the Berlin data supervisory authority in Germany. This is reported to represent 2% of the company’s global turnover, so is only half the maximum fine that could have been imposed under GDPR. It’s worth noting that this time the […]
Read more1. What are cookies and what this note covers 1.1 Cookies are small files which a website can, through an internet browser, leave on a user’s device, and to then be used to extract information about the user or their system. 1.2 In many cases, cookies are simply tools to let the website do its […]
Read moreThe Court of Justice of the European Union (CJEU) last week handed down its decision in a case concerning a German online clothing retailer’s use of the Facebook “Like” button. The retailer, Fashion ID, had embedded the Facebook tool on its website, enabling visitors to “like” content on the web and so share it on […]
Read moreThe Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, today announced that it has provisionally determined that British Airways (BA) must pay a substantive fine for breach of the GDPR, in relation to a data breach that BA suffered in June 2018. The reports state that the incident in part involved user traffic […]
Read moreThe Danish Data Protection Agency (DPA) has recommended a fine of 1.5 million Danish kroner (approx. £180,000) for a furniture company that failed to delete the data of about 385,000 customers. The company in question, IDdesign, had been the subject of a supervisory visit by the DPA in autumn 2018. Prior to the visit, IDdesign […]
Read moreThe top Spanish football league, La Liga, has been fined around €250,000 for a breach of the GDPR by the Spanish data protection agency, AEPD. In an effort to combat piracy of Spanish football live matches, La Liga allegedly used a smart phone app to collect users data without users’ specific consent. AEPD therefore levied […]
Read moreThe EU and Japan have today announced a new personal data adequacy agreement between the two parties. This agreement will allow personal data to flow freely between the two parties on the basis that there are strong protective guarantees in place. Before the agreement was put in place, Japan agreed to put additional safeguards in […]
Read moreThe government has recently published draft legislation to deal with the UK’s post-Brexit GDPR regime, namely “The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019”. The new legislation proposes to introduce an amended version of the GDPR (creatively titled “the UK GDPR”), the Privacy and Electronic Communications Regulations 2003 (PECR), and […]
Read more