Don't miss the opportunity to know more about this case that is going to raise one of the most interesting debates of 2020. Our Swiss expert, Gabriel Avigdor from datalex llc, explains the contents and main issues raised by the Norwegian Consumer Council (“NCC”) through its 186 pages study report called “OUT OF CONTROL. The document, supported by a 93 pages technical report, explains how the industry of digital advertising (“AdTech” industry) is exploiting personal data of consumers through dating mobile applications to use and monetize such data for their business interest and the ones of “shadow companies”. Find also a deeper analysis of the case in the latest Gabriel's article here.
Out of Control: a deep dive into the digital advertising and data sharing practices
Recent Posts:
- 4 April 2021
After almost 3 years with General Data Protection Regulation, there is still big uncertainty among businesses regarding its particular obligations in case of a data breach. Under the GDPR, any incident resulting in the destruction, loss, alteration or disclosure of personal data is a data breach and its occurrence triggers the controller’s obligation to examine the breach and, in some cases, to notify Data Protection Authority (DPA) and inform data subjects whose personal data the breach concerned. In case the breach poses risks to data subjects (of a monetary loss or physical harm) the controller is obliged to notify the DPA within 72 hours. In addition, in case the risks identified by the controller are particularly high, it is also necessary to inform the data subjects.
Recently Polish DPA issued decisions regarding the data breach notifications which were quite controversial. As an example, in one of the cases the scale of the breach was quite insignificant (mail send by mistake to wrong receiver). The company identified the incident as data breach, however, with no risk to data subject identified, it decided not to notify the DPA. The conclusion reached by the DPA (after the proceeding initiated by the e-mail receiver) was different – it found that not only the breach posed risk to data subjects but that the risk was high and that also the data subject should have been notified.
During the espresso, our Polish expert, Karolina Miksa from WKB lawyers in Poland, will provide more details about the Polish cases and discuss, if, to avoid sanctions, the companies should consider to notify any data breaches to the DPA.
- 30 March 2021
From 1 January 2021, Russia-based employers must comply with new requirements regarding their remote employees. In this video Nikita Maltsev from Gorodissky & Partners highlights some of the new requirements regarding remote work conditions, namely: (1) types of remote work, (2) documents exchange, (3) provision of necessary equipment, (4) new grounds for dismissal.
For more information please read the article “HOME SWEET HOME – NEW REMOTE WORKING LAW ADOPTED” from Gorodissky & Partners here: https://www.gorodissky.com/publications/articles/home-sweet-home-new-remote-working-law-adopted/
- 18 March 2021
The Accountability principle does not exist in the EU and GDPR only. Other relevant regulations, such as the Colombian law, take this principle in great consideration and it is not recommended to apply it in its EU interpretation.
So how should it be implemented in Colombia, also regarding the size of an organization?
Listen to this privacy espresso with Stella Sofia Vanegas and Angela Maria Noguera from Vanegas Morales Consultores to learn our country experts' considerations, starting from the role of the companies' board of directors to the one of every single employee!
- 11 March 2021
We analyzed with José Leitão, privacy expert from MdME Lawyers in Macau, the recent MDPO decision and fines in excess of MOP,000,000.00 (more than EUR100,000.00) due to out of purpose usage of data and its implications to data controllers in Macau.
Learn more on what happened and how to avoid such fines in this privacy espresso!
- Privacy Espresso, ep. 9: Relevance and impact of Digital Identity in Vaccination Process (DIVP)
In these uncertain times, VU security has developed a Digital Identity in Vaccination Process (DIVP) helping governments and citizens in these sensitive activities.
Know more about the DIVP development and its impact and effects it is bringing where applied