Posts by: dana

Data Protection News: Summer Edition 2019

This summer's data protection news: ● The battle for cookies - ICO and CNIL issue new guidance, but the trenches of online profiling are hard to control ● CJEU's Fashion ID – another case of joint controllers ● The pitfalls of relying on employee consent - a case from Greece ● New legislation in Romania wants to identify SIM card…

Monthly Roundup of Data Protection News: May 2019

Last month in data protection news: ● In cahoots with Facebook whether you like it or not: a feature story about being joint controllers with Facebook when you create a page ● GDPR in 1 year: links to all the articles we found with anniversary facts and figures ● An apple a day: Dutch Data Protection Authority issues guidance on…

Monthly Roundup of Data Protection News: April 2019

Last month in data protection news: ● Voice recordings: a feature story on new cases about the legal treatment of voice recordings, depending on the purpose of their use ● Data Protection Impact Assessments ● EU Legislation watch: news about legislative processes ● Romania: helpline for cybersecurity threats launched ● CNIL: 2018 activity report & 2019 enforcement strategy published ●…

Monthly Roundup of Data Protection News: March 2019

Last month in data protection news: ● Political campaigns and the GDPR: a feature story on the issues raised by processing personal data for political purposes. ● First GDPR fine in Poland: business information aggregator sanctioned for lack of transparency. ● Copyright Directive vs GDPR: see where the legislation ovelaps and what this means for content sharing platforms. ● AdTech…

ECJ case to settle what should be common sense on cookie consent

This week ECJ Advocate General Maciej Szpunar issued his Opinion on the Planet 49 Case – a case dealing with issues which should have been sufficiently clear not to bother the Court in the first place. Namely, it is about (a) pre-checked boxes as means to collect consent for placing cookies and (b) if, under the ePrivacy Directive, the same…

What’s (not) new about EDPB’s Statement on political campaigns

On 14 March 2019 the EDPB issued a Statement on the use of personal data in the course of political campaigns, following its 8th plenary session. This was supposed to be an important position document in light of the upcoming EU Parliament elections in May, however it left us with even more questions and not one solution. Just a short…

Our pro bono work in 2018

Pro bono work and public participation are part of our core organizational values. We try to find time and resources to make data protection better in Romania.

[RO] Procedura de investigaţii ANSPDCP explicată

ANSPDCP, autoritatea română de protecţia datelor, a publicat Decizia nr. 161/2018, prin care a aprobat procedura de efectuare a investigaţiilor. Textul integral al procedurii este disponibil aici. Echipa PrivacyOne a analizat procedura şi vă prezintă principalele elemente de avut în vedere într-un Legal Alert dedicat integral acestei teme, diponibil online aici. Prezentarea conţine: Măsurile pe care le poate dispune ANSPDCP…

Romanian DPA adopts DPIA List

The Romanian data protection authority (the ANSPDCP) has adopted the final list of cases which require a data protection impact assessment (DPIA). PrivacyOne has contributed with observations on the draft DPIA list which was previously opened for public debates according to the national transparency regulations. The final list reflects some of the points we raised, such as certain terminology issues.…

[RO] Transferul datelor către grupul băncii în Codul de Conduită ARB

Pe 5 noiembrie 2018 Asociaţia Română a Băncilor a publicat noul său Cod de Conduită, care se referă şi la aspecte de protecţia datelor http://www.arb.ro/codul-de-conduita/. Codul stabileşte confidenţialitatea datelor furnizate de clienţi şi obligaţia angajaţilor băncii să protejeze aceste date. Însă, formularea legată de dezvăluirea acestor date personale către entităţi din grupul băncii (secţiunea 2.5 din Cod) poate crea confuzii:…