Tag Archives: GDPR

European Data Protection Board Issues Draft Guidelines on Extra-Territorial Application of the GDPR

On November 23, 2018, the European Data Protection Board (“EDPB”) issued draft Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (“Guidelines”). As per standard procedure, the EDPB has published this first version of the Guidelines to allow for public consultation about its contents over the next several months. At the conclusion of … Continue Reading

Dutch Supervisory Authority Imposes GDPR Security Standard for Processing Broadly Defined Health Data

In early November, the Dutch Supervisory Authority released an injunction imposed against the public insurance body Uitvoeringsinstituut Werkgeversverzekering (“UWV”) last July. The UWV allows employers to submit data about their employees for social security purposes.  The data includes dates of employee absences due to general illness (and when an employee is pregnant or gave birth, … Continue Reading

CNIL imposes GDPR-consent in online advertising space

On November 9, 2018, the French Supervisory Authority for Data Protection (known as the “CNIL”) announced that it issued a formal warning (available here) ordering the company Vectaury to change its consent experience for customers and purge all data collected on the basis of invalid consent previously obtained.   Vectaury is an advertising network that … Continue Reading

European Regulators Are Intensifying GDPR Enforcement

Earlier this year, in the run-up to the General Data Protection Regulation’s (“GDPR”) May 25, 2018 date of application, a major question for stakeholders was how zealously the GDPR would be enforced.  Now, as the GDPR approaches its six-month birthday, an answer to that question is rapidly emerging.  Enforcement appears to be ramping up significantly.  … Continue Reading

Portuguese hospital receives and contests 400,000 € fine for GDPR infringement

On July 17, 2018, the Portuguese Supervisory Authority (“CNPD”) imposed a fine of 400.000 € on a hospital for infringement of the European Union General Data Protection Regulation (“GDPR”).  The decision has not been made public.  Earlier this week, the hospital publicly announced that it will contest the fine. According to press reports, the CNPD … Continue Reading

Dutch Supervisory Authority releases guidance on the interaction between the GDPR and PSD2

On October 18, 2018, the Dutch Supervisory Authority for data protection adopted guidance on the second Payment Service Directive (“PSD2”).  The PSD2 intends to open the financial services market to a larger scale of innovative online services.  To that effect, the PSD2 sets out rules for obtaining access to the financial information of bank customers.  … Continue Reading

The Implications of the GDPR on Clinical Trials in Europe

On October 23, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership will organize a workshop entitled, “Can GDPR Work for Health Research.”  In the first session, the workshop will discuss the implications of the General Data Protection Regulation (“GDPR”) on clinical … Continue Reading

GDPR: Top 5 Post-Implementation Issues for Airlines

On 25 May 2018, the EU General Data Protection Regulation (GDPR) came into effect. The GDPR establishes some of the most robust privacy requirements globally and is likely to be a model followed by other jurisdictions. Airlines are uniquely affected by the GDPR with passenger data being at the heart of their business and international … Continue Reading
LexBlog