お勧めニュース

Business & Government Advanced read

Use of Google Analytics violates "Schrems II"

In a groundbreaking decision, the Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR. This is the first decision on the 101 model complaints filed by noyb in the wake of the so-called "Schrems II" decision.

[Simple] Privacy group targets website 'cookie terror'

Noyb, headed by well-known Austrian privacy advocate Max Schrems, is targeting companies which it says deliberately make it hard to opt-out of tracking cookies.

Business & Government Intermediate read

Irish DPC "handles" 99,93% of GDPR complaints, without decision?

The Irish DPC (Data Protection Commissioner) acknowledges in Irish Parliament hearing it "handles" GDPR complaints by not deciding about them, in violation of EU law.

The long-standing miracle of "self-resolving" GDPR complaints was then lifted by Helen Dixon: The DPC simply interprets the word "handle" to mean that the DPC can also simply dispose of complaints on the fundamental right to privacy. She openly argued “In fact, there is no obligation on the DPC under the 2018 Act to produce a decision in the case of any complaint.”

[Intermediate] Schrems II a summary – all you need to know

On 16 July 2020, the European Court of Justice issued the Schrems II judgement with significant implications for the use of US cloud services. Customers of US cloud service providers must now themselves verify the data protection laws of the recipient country, document its risk assessment and confer with its customers. This article will explain what the Schrems II judgement entails for your business.

[Simple] Gay Dating App "Grindr" to be fined almost € 10 Mio

In January 2020, the Norwegian Consumer Council and the European privacy NGO noyb.eu filed three strategic complaints against Grindr and several adtech companies over illegal sharing of users’ data. Like many other apps, Grindr shared personal data (like location data or the fact that someone uses Grindr) to potentially hundreds of third parties for advertisment.

CJEU invalidates “Privacy Shield” in US Surveillance case

The EU's Court of Justice has just invalidated the "Privacy Shield" data sharing system between the EU and the US, because of overreaching US surveillance.

EUの司法裁判所は米国による行き過ぎた情報監視が権利侵害だとして「プライバシーシールド」を無効化

EUの司法裁判所(CJEU)は、米国が同国の国家安全保障局(NAS)の監視から米国企業が有する自国民以外の情報を保護していない、としてEUと米国の間のデータ共有に関する枠組み「プライバシーシールド」を無効にしました。Facebookなどの米国企業は、EEA域外へのパーソナルデータの移転を特別に認めるGDPR(一般データ保護規則)の標準的契約条項(SCC:Standard contractual clauses)を締結できなくなります。併せて、EU司法裁判所は、GDPRの適用を行うべき欧州委員会および、アイルランドのデータ保護委員会(Irish Data Protection Commission)などにGDPRを形骸化させないようにその責務を果たすよう求めています。