The UK Information Commissioners’ Office (ICO) has opened a public consultation on the draft guidance on the research provisions in the UK GDPR and the DPA 2018. Processing of personal data for research purposes is regulated by data protection laws despite the absence of a specific legislation on this, so the guidance is intended to provide more...
On 2 February 2022, the Belgian Data Protection Authority imposed a fine of €250,000 against the Interactive Advertising Bureau Europe (IAB Europe) for several alleged infringements of the GDPR, as a result of an investigation into the IAB Europe Transparency and Consent Framework (TCF). IAB has announced the intention to appeal the decision, and issued...
Google Android might halt cross-application tracking features. In a blog, Anthony Chavez (VP, Product Management, Android Security & Privacy) wrote that “Today, we’re announcing a multi-year initiative to build the Privacy Sandbox on Android, with the goal of introducing new, more private advertising solutions. Specifically, these solutions will limit sharing of user data with third parties...
According to the Daily Mail, a serious data breach against databases in control of the New South Wales government exposed more than 500,000 QR code check-in addresses across Australia. The leak of information, related to the system designed to help the public through the pandemic, could reveal the locations of domestic violence shelters, Defence sites,...
The European Data Protection Board (EDPB) has launched the first coordinated enforcement action pursuant to which 22 national supervisory authorities across the EEA (including the EDPS) will launch investigations into the use of cloud-based services by the public sector. Over 75 public bodies in total will be addressed across the EEA, including EU institutions, covering...
The European Data Protection Supervisor (EDPS) published a paper on modern spyware to highlight unprecedented risks of technology used in surveillance. Pegasus is discussed in detail in the paper. Concerning features of Pegasus, according to the EDPS, include unrestricted access of devices, zero click attack (makes it closer to non-preventable) and the fact that it...
The US Securities and Exchange Commission (SEC) has for the first time issued a proposal for cybersecurity rules, procedures and data breach prevention measures for investment funds and advisers. If approved, the measures will require thousands of companies to report cyberattacks within 48 hours. The proposals require funds and registered investment advisers to develop written...
In the lawsuit, Texas’s Attorney General Ken Paxton seeks for billions of dollars in fines against Meta which captured and stored the facial geometry of several millions of photos uploaded by Facebook users from 2010 till last year in what is claimed of being “tens of millions of violations”. Read more on the New York...
American Headquarters: European Office:
PrivacyRules Ltd.
201 East Fifth Street
Suite 1900 – #1362
Cincinnati, OH 45202, USA
Via dei Della Robbia 112
50132, Firenze
Italy (IT)Expertise