EDPB Begins Consultation on New Guidelines on Use of the “Performance of a Contract” GDPR Legal Basis by Online Services

By Ezra Steinhardt on April 17, 2019 Posted in Advertising & Marketing, Data Privacy, EU Data Protection, European Union

On 9 April 2019, the European Data Protection Board (“EDPB”) adopted new guidelines “on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects.” In general, the GDPR requires that processing of personal data be justified under a legal basis in Article 6 GDPR. … Continue Reading

China Releases Draft Amendments to the Personal Information Protection Standard

By Yan Luo on February 11, 2019 Posted in China, Cross-Border Transfers

On February 1, 2019, China’s National Information Security Standardization Technical Committee (“TC260”) released a set of amendments to GB/T 35273-2017 Information Technology – Personal Information Security Specification (“the Standard”) for public comment. The comment period ends on March 3. Although not legally binding, the Standard has been highly influential since becoming effective in May 2018, … Continue Reading

CNIL imposes GDPR-consent in online advertising space

By Kristof Van Quathem and Anna Oberschelp de Meneses on November 16, 2018 Posted in Advertising & Marketing, Data Privacy, EU Data Protection

On November 9, 2018, the French Supervisory Authority for Data Protection (known as the “CNIL”) announced that it issued a formal warning (available here) ordering the company Vectaury to change its consent experience for customers and purge all data collected on the basis of invalid consent previously obtained. Vectaury is an advertising network that … Continue Reading