Data Protection Report

Data protection legal insight at the speed of technology

Latest from Data Protection Report - Page 2

Russian Data Localization law: now with monetary penalties

December 20, 2019

On 2 December, a new law was introduced in Russia to enable substantial administrative fines to be imposed on organizations and individuals that fail to comply with data localization requirements. Both legal entities and responsible managers (e.g. the Data Protection Officer or the CEO) can be fined under the new regime.…

Data Protection Report

Here We Go Again: Another Ballot Initiative for CCPA in 2020

By David Kessler (US) & Susan Ross (US)

December 2, 2019

As companies get ready for the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, compliance is complicated because there are still several moving variables: Draft regulations have been proposed but may not be final until after January 1, 2020. The recent amendments to CCPA include two important exceptions (business-to-business (B2B) and the “employee” exceptions) that sunset on December 31, 2020. It is anticipated that amendments to CCPA will be introduced in the…

Data Protection Report

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

By Christoph Ritzer (DE) & Natalia Filkina (DE)

November 12, 2019

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE (Deutsche Wohnen), the highest German GDPR fine to date. The infraction related to the over retention of personal data. For the first time, the Berlin DPA applied the new calculation method for GDPR fines issued by the German…

Data Protection Report

Covert monitoring in the workplace – impact on an employee’s privacy

By Amanda Sanders (UK)

November 8, 2019

The Grand Chamber of the European Court of Human Rights (ECHR) has held that Spanish shop workers’ right to privacy under Article 8(1) of the European Convention on Human Rights was not violated when their employer obtained evidence of theft from covert CCTV footage of the employees.…

Data Protection Report

German Data Protection Authorities publishes a new GDPR model for fines

By Christoph Ritzer (DE) & Natalia Filkina (DE)

October 28, 2019

The German Datenschutzkonferenz (DSK), the joint body of the German data protection authorities, has just published the model which it intends to use to calculate fines pursuant to Article 83 of the GDPR.…

Data Protection Report

California Governor signs all 5 CCPA amendments

By Jeewon Kim Serrato (US) & Susan Ross (US)

October 14, 2019

On Friday, October 11, 2019, the California Governor signed all five of the California Consumer Privacy Act amendments that were awaiting his signature (AB 25, 874, 1146, 1355, and 1564) as well as an amendment to California’s data breach law (AB 1130). We had previously written about the impact on CCPA if all five amendments went into effect here.…

Data Protection Report

Mic Drop: California AG releases long-awaited CCPA Rulemaking

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US), Anna Rudawski (US) & Max Kellogg (US)

October 11, 2019

On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with groundbreaking new rights on the use…

Data Protection Report

First Data Access Agreement under the CLOUD Act signed by UK and US

By David Kessler (US) & Susan Ross (US)

October 10, 2019

On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement) under the US Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) and the UK Crime (Overseas Production Orders) Act 2019.…

Data Protection Report

No surprises in the recent Planet49 European Court of Justice judgment

By Christoph Ritzer (DE), Natalia Filkina (DE) & Lara White (UK)

October 9, 2019

On 1 October 2019, the European Court of Justice (ECJ) delivered its judgement on Case C – 673/17 (the “Planet49” case), which relates to the consent and transparency requirements for the use of cookies and similar technologies. The ECJ largely followed the March 2019 Opinion of Advocate General Szpunar and the judgment is generally consistent with the recent regulatory guidance issued by the UK and French data protection authorities in this area.…

Data Protection Report

The right to be forgotten: the CJEU sides with Google in two landmark cases

By Nadège Martin (FR) & Nilofar Moini Shabestari (FR)

October 9, 2019

On 24 September 2019 the Court of Justice of the European Union (CJEU) gave two judgments (Cases C-507/17 and C-136/17) ruling that: (i) de-referencing by Google should be limited to EU Member States’ versions of its search engine with some important qualifications; and (ii) when Google receives a request for de-referencing relating to a link to a web page on which sensitive data are published, a balance must be sought between the fundamental rights of…

Data Protection Report

Data protection legal insight at the speed of technology

Russian Data Localization law: now with monetary penalties

Here We Go Again: Another Ballot Initiative for CCPA in 2020

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Covert monitoring in the workplace – impact on an employee’s privacy

German Data Protection Authorities publishes a new GDPR model for fines

California Governor signs all 5 CCPA amendments

Mic Drop: California AG releases long-awaited CCPA Rulemaking

First Data Access Agreement under the CLOUD Act signed by UK and US

No surprises in the recent Planet49 European Court of Justice judgment

The right to be forgotten: the CJEU sides with Google in two landmark cases

Stay Connected

Company

Support

New to the Network