the German Data Protection Conference issued a compelling statement regarding third country public authorities’ access to personal data.
IAB has developed and published practical guide to carrying out data protection impact assessments (DPIA) under the EU’s General Data Protection Regulation (GDPR). Guide provides background and describes the DPIA process in the context of processing data for digital advertising generally and for real-time bidding (RTB), in order to help companies understand their obligations and […]
It has emerged that the UK’s Coronavirus Test and Trace programme failed to complete a data protection impact assessment (DPIA) prior to its launch. Rolled out on May 28, the NHS Test and Trace Service is said to help the UK return back to normal life after the pandemic by tracking down and isolating those […]
Anonymizing location data is hard. If you absolutely need to do this, better consult someone knowledgable. Privacy impact assessments should not conform to fixed templates. These should be strict, technical analyses. Full article: On privacy impact assessment and leaking data of millions of users
Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures. However, the new privacy conditions for the central Dutch government do not yet apply to the data […]
After having received the favorable opinion of the European Data Protection Board, the Spanish Data Protection Agency (“AEPD”) released last 6th May a list of processing operations for which it is necessary to carry out a privacy impact assessment. Although the GDPR establishes criteria that help to identify those processing operations that involve a high […]
The Belgian Data Protection Authority recently published (in French and in Dutch) the updated list of the types of processing activities which require a data protection impact assessment (“DPIA”). Article 35(4) of the EU General Data Protection Regulation (“GDPR”) obligates supervisory authorities to establish a list of the processing operations that require a DPIA and transmit it to […]