What personal data can organisations process in the fight against coronavirus?

Many organisations are taking preventive measures to prevent the spread of Covid-19, ranging from health and travel questionnaires to temperature measurement. This article gives a view from Belgium on the data protection implications of these measures. Due to the outbreak of COVID-19, organisations are taking various preventive measures to prevent the spread of the virus. These range from questionnaires (about recent destinations, medical symptoms, etc.)…

European Court of Justice - A ‘Like’ button on your website? Then you are a joint data controller with Facebook!

Website operators who feature a ‘Like’ button have been ruled to be joint controllers for data protection purposes in a recent European Court of Justice judgement. In a judgment of 29 July 2019 (Fashion ID GmbH & Co, C-40/17) the European Court of Justice ruled that operators of a website that features a ‘Like’ button are controllers jointly with Facebook. This means they must make an arrangement with…

Denmark – The European Data Protection Board takes stock

The European Data Protection Board (EDPB) has issued its annual report for 2018. The report provides information on the EDPB’s work in the first seven months after the GDPR entered into force and outlines the EDPB’s plans for the future. Since the entry into force of the GDPR on 25 May 2018, the European Data Protection Board (EDPB) has been tasked with ensuring consistent application…

UK: No deal #Brexit and data protection

This article discusses the impact of a no deal Brexit on data protection issues for businesses transferring data to or from the UK and how they should prepare for this possibility. With the Brexit D-day of 29 March looming, organisations have asked us to help prepare a Brexit Data Response Plan in case of a potential no deal Brexit. Building on the UK Information Commissioner’s…

Brazil – new, stricter data protection rules take effect

Brazil has adopted a law introducing new and more stringent GDPR-style data protection provisions. On 14 August 2018 President Michel Temer sanctioned the new Brazilian General Data Protection Law (LGPD), which regulates the processing of personal data by individuals, private entities and public authorities. The LGPD reproduces some of the central points of the European General Data Protection Regulation (GDPR), which became effective on 25 May…

Europe: International data transfers - are model clauses now under threat?

Max Schrems, an Austrian law student successfully brought a case to the European Court of Justice in 2015 that resulted in the “safe harbour” – an agreement that allowed the transfer of EU citizens’ data to the US – being declared invalid. Since then, transfers outside the EU have largely been conducted based on previously approved ‘model clauses’. But Mr Schrems has now brought a…

Russia: double burden data protection

The GDPR applies to the entities having establishments within the EU, as well as to those that do not have a physical presence in the EU where their processing activities, either as a data controller or processor, are related to the ofering of goods or services to data subjects in the EU, or to the monitoring of data subjects’ behaviour taking place within the EU….

EU General Data Protection Regulation (GDPR) – countdown of one more year

Die EU-Datenschutz-Grundverordnung – noch ein Jahr bis zur Anwendbarkeit – bi-lingual posting / zweisprachiger Beitrag – The European General Data Protection Regulation (GDPR) will become applicable throughout the European Union on 25 May 2018, with additional national legislation. By then, companies need to be compliant. The German Bundesrat has recently passed the new Bundesdatenschutzgesetz, which will adapt the European Regulation into national German law. This…

The right to be forgotten - ECJ ruling on Italian data protection case

The European Court of Justice (ECJ) recently ruled on an Italian case in which the director of a company, a Mr Manni, had brought an action against the Lecce Chamber of Commerce. He had built a tourist complex in Italy, but argued that the properties had failed to sell because it was apparent from the companies register that he had been involved in a company…