Data protection in Brazil: what to expect this year

In 2023, the Brazilian General Data Protection Law (LGPD) celebrates five years since its publication. Since its entry into force in 2020, the LGPD has come a long way, but there are several legal issues relating to the protection of personal data that still need further refinement.  Brazilian Data Protection Authority Among the main changes since the enactment of the LGPD has beenthe change in…

How to deal with ex-employees’ email accounts: the Belgian DPA strengthens its position

The Belgian DPA has recently fined a company for delaying the closure of ex-employees’ email accounts. The Belgian Data Protection Authority (DPA) recently decided to impose an administrative fine of EUR 15,000 on a company that only closed email addresses linked to employees (surname and first name) who had left the company after 2.5 years. According to the DPA, non-closure of these email addresses constitutes…

What personal data can organisations process in the fight against coronavirus?

Many organisations are taking preventive measures to prevent the spread of Covid-19, ranging from health and travel questionnaires to temperature measurement. This article gives a view from Belgium on the data protection implications of these measures. Due to the outbreak of COVID-19, organisations are taking various preventive measures to prevent the spread of the virus. These range from questionnaires (about recent destinations, medical symptoms, etc.)…

European Court of Justice - A ‘Like’ button on your website? Then you are a joint data controller with Facebook!

Website operators who feature a ‘Like’ button have been ruled to be joint controllers for data protection purposes in a recent European Court of Justice judgement. In a judgment of 29 July 2019 (Fashion ID GmbH & Co, C-40/17) the European Court of Justice ruled that operators of a website that features a ‘Like’ button are controllers jointly with Facebook. This means they must make an arrangement with…

Denmark – The European Data Protection Board takes stock

The European Data Protection Board (EDPB) has issued its annual report for 2018. The report provides information on the EDPB’s work in the first seven months after the GDPR entered into force and outlines the EDPB’s plans for the future. Since the entry into force of the GDPR on 25 May 2018, the European Data Protection Board (EDPB) has been tasked with ensuring consistent application…

UK: No deal #Brexit and data protection

This article discusses the impact of a no deal Brexit on data protection issues for businesses transferring data to or from the UK and how they should prepare for this possibility. With the Brexit D-day of 29 March looming, organisations have asked us to help prepare a Brexit Data Response Plan in case of a potential no deal Brexit. Building on the UK Information Commissioner’s…

Brazil – new, stricter data protection rules take effect

Brazil has adopted a law introducing new and more stringent GDPR-style data protection provisions. On 14 August 2018 President Michel Temer sanctioned the new Brazilian General Data Protection Law (LGPD), which regulates the processing of personal data by individuals, private entities and public authorities. The LGPD reproduces some of the central points of the European General Data Protection Regulation (GDPR), which became effective on 25 May…

Europe: International data transfers - are model clauses now under threat?

Max Schrems, an Austrian law student successfully brought a case to the European Court of Justice in 2015 that resulted in the “safe harbour” – an agreement that allowed the transfer of EU citizens’ data to the US – being declared invalid. Since then, transfers outside the EU have largely been conducted based on previously approved ‘model clauses’. But Mr Schrems has now brought a…

Russia: double burden data protection

The GDPR applies to the entities having establishments within the EU, as well as to those that do not have a physical presence in the EU where their processing activities, either as a data controller or processor, are related to the ofering of goods or services to data subjects in the EU, or to the monitoring of data subjects’ behaviour taking place within the EU….

EU General Data Protection Regulation (GDPR) – countdown of one more year

Die EU-Datenschutz-Grundverordnung – noch ein Jahr bis zur Anwendbarkeit – bi-lingual posting / zweisprachiger Beitrag – The European General Data Protection Regulation (GDPR) will become applicable throughout the European Union on 25 May 2018, with additional national legislation. By then, companies need to be compliant. The German Bundesrat has recently passed the new Bundesdatenschutzgesetz, which will adapt the European Regulation into national German law. This…