CNIL adopts new guidance on cookies

On July 4, 2019, the Commission Nationale de l’informatique et des Libertés (CNIL), the French Data Protection Authority (DPA) adopted new guidelines on cookies and other tracking devices (“Guidelines”). According to the press release, the scrolling down or swiping through a website or application is no longer viewed as a valid expression of consent to the implementation of cookies; tracking services will have to prove that they have obtained consent. The CNIL adopted the Read more [...]

Spanish DPA issues survey on Device Fingerprinting

On February 2, 2019, the Spanish Data Protection Agency (AEPD) published a Survey on Device Fingerprinting. (“Survey“) “Device fingerprinting is the systematic gathering of information on a specific remote device with the aim of identifying, singling out and, thus being able to monitor its user’s activity for the purpose of profiling.” The data set extracted from the user’s terminal device allows that device to be unequivocally uniquely identified. The APD estimates that there Read more [...]

EDPS calls for strong and smart new rules to protect confidentiality of communications with Opinion 6/2017

On April 24, 2017, the European Data Protection Supervisor (EDPS) released Opinion 6/2017 on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation Proposal). The EDPS welcomes the Proposal for the Regulation. There is a need of “a specific legal tool to protect the right to private life guaranteed by Article 7 of the Charter of Fundamental Rights, of which confidentiality of communications is an essential component”; a tool that would complete the GDPR (Regulation Read more [...]

Does the GDPR Apply to My Organization? The “Extraterritoriality” of the New European Data Protection Regulation

Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR) repeals Directive 95/46/EC and expands on the protection of natural persons with regard to the processing of personal data and the free movement of such data. The GDPR will come into force in May 2018 and will have an expanded territorial scope of application compared to the previous Directive 95/46/EC. What does it mean for businesses? EU establishment triggers GDPR application Before. Under Directive 95/46/EC, Read more [...]

WP29 publishes Guidelines on Data Protection Impact Assessment

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). Among other documents, WP29 also adopted Guidelines on Data Protection Impact Assessment (DPIA), wp248,  which will be open for public consultation for 6 weeks before their final adoption. Data controllers should see the carrying out of a DPIA as a useful and positive activity that aids Read more [...]