Websites have been using cookie consent banners that appear to comply with GDPR but use subtle ways to make it more likely that users will agree to the cookies. Regulators from various jurisdictions have been promoting stricter requirements to obtain clear, unambiguous, freely given consent. The Italian DPA, the Garante, recently (June 2021) released a new set of guidelines on cookies. The guidelines require website owners to obtain unambiguous consent from users before placin
In a previous post we discussed the status, in general, of ‘disease risk’ genetic data, and we saw that it is generally going to be health data.
Now, suppose we do not know the identity of the data subject: we only have DNA sequencing data; is that personal data? It seems that under GDPR the answer is in the affirmative (and in future we’ll discuss other laws, which answer in the negative).
Moreover, WP29 Opinion 216 states (section 2.2.2) that “removing directly identifying
On June 6, 2020 the Spanish data protection authority, the AEPD (Agencia Española de Protección de Datos), published a fine imposed on Telefonica Moviles España, S.A.U. – a telecom provider. This case is likely to be of particular interest to many service-oriented organizations.
Briefly, what happened is this: the complainant was a customer of the telco; a fraudster called the telco pretending to be the complainant, and ordered several phone lines installed, at the complainant
DISCLAIMER: SEE AT THE END OF THIS BLOG. We've been asked about a tricky situation: a data subject makes a request for data, but employees at our client have added personal remarks, sometimes derogatory or uncouth, to the data subject's file. Here's how we can approach that: GDPR Article 15 states that "The data subject shall have the right to obtain from the controller… access to the personal data" that the controller has on that data subject. On the face of it, if a