Tag

Personal Data

Browsing

The French data protection authority (“Commission nationale de l’informatique et des libertés” or “CNIL”) published, on January 12, 2022, a statement on processor reuse of data entrusted by data controllers. This guidance aims at establishing a legal framework to determine if, and under which conditions, a processor can use personal data it obtained from a controller for purposes broader than just strictly providing services to the controller. Can a processor reuse the data it receives…

Over the years, protecting children’s informational privacy has become a controversial issue. From a legal perspective, there are two questions: to what extent does it depend upon parental control and consent, and how is this factor incorporated into the law seeking to protect children’s informational privacy? Under the Law on Children 2016 (LoC), a child is defined as any person below the age of 16. Personal information, as prescribed by the Law on Cyberinformation Security…

In brief On 25 May 2021, the Singapore High Court provided long-awaited clarifications on the scope of private actions under the Personal Data Protection Act 2012 (PDPA). It was held that in order to succeed in a private action under the PDPA, the claimant must suffer loss or damage that falls within the common law heads of loss or damage (such as pecuniary loss, damage to property, and personal injury including psychiatric illness) directly as…

On June 12, 2020, the government of Quebec introduced Bill 64, An Act to modernize legislative provisions as regards the protection of personal information. The Bill proposes to modernize the existing framework applicable to the protection of personal information by amending various public, and private sector Quebec laws, to align closer with the requirements under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation. The Act respecting…

On February 7, 2020, the California Attorney General released its revised draft implementing regulations for the California Consumer Privacy Act. The revised regulations are not yet final. The California AG will accept written comments regarding the updated regulations until 5:00 pm (PST) on Tuesday, February 25, 2020. The following is a high-level overview of the key new requirements under the updated regulations that are important for businesses to consider in connection with their CCPA compliance…

Avid readers of this blog will know that shortly before the new year holidays advocate general Hendrik Saugmandsgaard Øe (a.g.) gave his opinion on how European Court of Justice (CJEU) should deal with the second Schrems case (Schrems II) on international data transfers. You’ll find the summary we wrote at the time here. This is the first in a series of blogs, on different impacts the opinion might have particularly on the available data transfer…

The Federal Trade Commission finalized a settlement with cloud software provider InfoTrax Systems, L.C. following claims that it failed to enact sufficient data security policies, enabling a hacker to access sensitive personal data. The security incident According to the FTC, a hacker was able to access InfoTrax System’s server over 20 times from May 2014 to March 2016, successfully obtaining sensitive personal data, which could be used to commit identity theft and fraud. The FTC…