The fact that personal details of dozens of EU officials are among the latest leak may help to concentrate minds at the DPC.

These include Article 13 of the Swiss Constitution and a Swiss law called the DPA, as well as European legislation, such as the GDPR.While we’re reluctant to make such sweeping statements, Swiss companies in general are more secure than their U.S.-based counterparts, thanks to Switzerland’s strict laws governing the processing of personal data.

A blog post on New America explains: China’s draft PIPL represents a third way between the sectoral U.S. approach, which applies different rules for specific industries or classes of consumers, and the European Union’s comprehensive General Data Protection Regulation (GDPR) framework, which enshrines fundamental rights across contexts.

- Our preliminary conclusion is that Grindr has shared user data to a number of third parties without legal basis, said Bjørn Erik Thon, Director-General of the Norwegian Data Protection Authority.

The Irish DPC finds itself in this position because of the way that the GDPR works: when there are privacy problems, the cases are brought by the data protection authority of the EU nation in which the company concerned is based.

The CPRA makes several significant changes to the CCPA: It introduces the concept of “sensitive personal data”; It introduces new obligations on businesses, and GDPR-style “principles”; It introduces new rights for consumers; and It creates a new supervisory authority for data protection and privacy in California — the California Privacy Protection Agency.

This was clearly intended to circumvent the stricter data protection requirements demanded by EU lawmakers: Facebook users now have fewer rights under the GDPR than they did before under the old data protection law because, according to the Vienna Higher Regional Court, they have entered into a contract to receive personalized advertising.

Even though the current text is likely to change in various ways, it is clear that Canada’s proposed privacy law will be one of the most important, alongside the GDPR, and a useful further example of how to draft legislation offering strong privacy protection in the digital world.

The ICO’s investigation found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).

The Belgian Data Protection Authority (APD-GBA) has found serious GDPR infringements in the system Google and others use to legitimise online tracking.

& Co KG (H&M) was fined €35.2 (US$41.1 million) by the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) for violating the General Data Protection Regulation (GDPR).The amount of the fine imposed is therefore adequate and effective to deter companies from violating the privacy of their employees.

“While the UK applies EU data protection rules during the transition period, certain aspects of its system may change in the future or be implemented in a manner that differs from the approach of the EU such as rules on international transfers,” an EU official said.

The merit behind the Bradford Trigger has nothing to do with personal data; each variable of the formula is a piece of information, which a company shall record, inter alia as required under the labour laws.

Not only has pretty much every piece of information they’ve ever entered into the platform been exposed to hackers, but this may have been going on since January 2018.Hackers offering data for sale on the dark web claim to not only have access to the full contents of all of these accounts, but also that the service has been storing user passwords in plaintext for over two years now.

UK class action style claim filed over Marriott data breach.A new class action lawsuit has been filed in the United Kingdom against Marriott for failing to protect personal data.Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

A consumer privacy campaign group has filed a lawsuit against American companies Salesforce and Oracle over an alleged breach of the EU's General Data Protection Regulation laws.

The UK's Information Commissioners Office, which enforces privacy laws - including the EU's General Data Protection Regulation - has confirmed the Barclays probe to Information Security Media Group."We have an ongoing investigation relating to Barclays' alleged use of employee monitoring tools," an ICO spokeswoman tells ISMG.

But assuming the court rules that algorithmic management must follow the GDPR, with specific privacy safeguards, then many other companies in the EU that use or are considering using office surveillance systems may find that they can do so only in circumscribed ways.

It mostly affects the Internet giants like Facebook, which now seem to have no legal means of transferring EU personal data to the US – neither under Privacy Shield, nor using SCCs. Since the CJEU decision cannot be appealed, that leaves two main ways forward.

For example, consumers who simply want to know what information the company has about them: If you don't have a program to respond to specific requests for information, you're going to be challenged by the new breed of regulations.

Two more bases include when processing is of “vital interest” to you (i.e. you were in an accident and your doctor needs to share your info) and when there is a “public interest” (which generally covers the collection of data by government agencies for research purposes).The last legal basis is “legitimate interest.” Legitimate interest is a legal basis one company would use with another company to request your private information.

Most of the time when I hit one of these notification pages, I open each section and choose “Reject all.” You can, if you prefer, go through an excruciatingly long list of all the companies that want to interact with you and your data when you view the site, and reject or accept them one by one.

With its public statement, the Irish DPC is trying to signal that it is working hard on these big cases, but Schrems doesn’t think it is making enough progress.

The judge ruled the matter was within the scope of the EU's General Data Protection Regulation (GDPR).One expert said the ruling reflected the "position that the European Court has taken over many years".The case went to court after the woman refused to delete photographs of her grandchildren which she had posted on social media.

A privacy advocacy group called Noyb – European Center for Digital Rights has filed a legal complaint with the Austrian Data Protection Agency against Google under Europe’s GDPR law .

Ryan’s report also recommends that national data protection agencies should “pursue adversarial enforcement, and to defend their decisions against expensive legal appeals by Big Tech.” That basically means we need to see some big, high-profile fines to prove that the GDPR is a serious law, with serious consequences for those who break it.

Twitter has changed what happens when users opt out of the “Allow additional information sharing with business partners” setting in the “Personalization and Data” part of its site.

Google has been accused of breaching one of the General Data Protection Regulation's (GDPR) principles surrounding consent that requires companies to provide a specific purpose for collecting and processing user personal data.

But Brave’s new evidence reveals that Google reuses our personal data between its businesses and products in bewildering ways that infringe the purpose limitation principle.The result is an internal data free-for-all that infringes the GDPR’s purpose limitation principle.

With all the potential for penalties, a question lingers: How much do the latest data privacy regulations limit customer journey data that powers personalized online experiences?This is another challenge for personalizing experiences online, as tools like cookies help companies optimize their marketing spend and deliver customers more relevant marketing messages.