Greece Publishes Draft Legislation for Implementing GDPR

Nikolaos TheodorakisBy Nikolaos Theodorakis on Posted in European Union, Privacy, Regulatory

On August 12, 2019, the Greek Ministry of Justice published the long-awaited, draft legislation for implementing the General Data Protection Regulation (GDPR). Greece and Slovenia are the only two European Union (EU) countries that have not yet implemented the GDPR.

As an EU regulation, the GDPR has legally taken effect in every EU country, including Greece. In fact, the Greek Supervisory Authority recently imposed a 150,000EUR fine on a company for GDPR violations. However, the GDPR allows EU countries to adopt certain derogations, specifications, and exceptions through their implementing legislation. The draft, inter alia, does this through the following provisions:

  1. Age of Consent

The draft requires that a minor over 15 years old (and up to 18 years old) must consent to the processing of his/her personal data for the processing to be lawful. When a minor is under 15 years old, the minor’s legal guardian must consent.

Continue Reading

Website Operator Jointly Liable for Data Collection and Transmission Through Facebook “Like” Button

Cédric BurtonJan DhontRossana FolChristopher OlsenBastiaan SuurmondBy Cédric Burton, Jan Dhont, Rossana Fol, Christopher Olsen and Bastiaan Suurmond on Posted in Cybersecurity, Privacy

On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through social media buttons and other embedded plugins. Although the ECJ found the operator and plugin provider to be jointly liable, the court placed the burden on the website operator to provide notice and, where necessary, obtain consent for the joint activity. Further, the court found the plugin provider to be independently responsible for any subsequent use of the data. The decision will likely prompt regulators to closely scrutinize the use of third-party plugins. Continue Reading

The ICO Issues Its Cookies Guidance: Clarified Stance and Enforcement Priorities

Josephine JayLore LeitnerJan DhontBy Josephine Jay, Lore Leitner and Jan Dhont on Posted in Cybersecurity, Privacy

On July 5, 2019, the UK’s Data Protection Authority (ICO) issued its “Guidance on the use of cookies and similar technologies” (the Guidance) along with a brief explanatory blog post. At the same time the ICO updated its own website cookie notice and consent, leading by example. The ICO’s blog post makes clear that cookie compliance will increasingly be a regulatory priority, and that companies should start working towards compliance now. Continue Reading

FTC Seeks Public Comment on Children’s Online Privacy Protection Rule

Libby WeingartenBy Libby Weingarten on Posted in Cybersecurity, Privacy

In a notice issued July 17, 2019, the Federal Trade Commission (FTC) is seeking public comment on a wide range of issues related to the Children’s Online Privacy Protection Act and implementing Rule (COPPA). The FTC has also announced a public workshop to review the COPPA Rule, to be held on October 7, 2019. Continue Reading

The CNIL Sharpens Requirements on Deployment of Tracking Technologies

Rossana FolJan DhontBy Rossana Fol and Jan Dhont on Posted in Privacy

On July 18, 2019, the French Data Protection Authority (CNIL) issued new guidance on the use of cookies and similar tracking technologies (collectively referred to as “cookies” below).[1] The guidance clarifies the instances in which companies must obtain consent for the use of cookies and specifies the requirements for obtaining consent. Continue Reading

Looking Back: The ICO’s Busy Year and Its Record-Breaking Fines

Josephine JayLore LeitnerBy Josephine Jay and Lore Leitner on Posted in Privacy

The UK Supervisory Authority (the ICO) has had a headline-busting month. On July 9, 2019, the ICO announced its intention to fine Marriott International more than £99 million under the GDPR (General Data Protection Regulation) for a data breach which took place last year,[1] a figure that would have been record breaking had the ICO not announced its intention to fine British Airways £183 million 24 hours earlier.[2] While it is clear that both of these hefty penalties relate to deficiencies in security practices, the actions that paved the way for such draconian fines are yet to be made public (see “Massive GDPR Fine Proposed by UK ICO Confirms Trend of Increased Focus on EU Data Breaches.”) Continue Reading

LexBlog

We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree