The CJEU Sets Its Standards For Obtaining A Valid GDPR Consent

By Decision of 11 November 2020 (C-61/19), the Court of Justice of the European Union (CJEU) specified the conditions applicable to obtain a GDPR compliant consent.  Indeed, the Court ruled that the data subjects’ consent to the processing of their personal data was not valid in the following cases: where the controller (i.e., Orange România) pre-ticked the consent box referring to a clause contained in a contract and stating that the customer has consented to the collection and storage of their personal data (in this case, their identity document); or where it was not clear as to whether individuals could refuse the processing operations without suffering any consequences on the possibility to conclude the service agreement; or where the individuals’ freedom of choice could be affected by requiring the individuals to complete an ...
Read More

Other News

 

The CJEU Sets Its Standards For Obtaining A Valid GDPR Consent

The CJEU Sets Its Standards For Obtaining A Valid GDPR Consent

By Decision of 11 November 2020 (C-61/19), the Court of Justice of the European Union (CJEU) specified the conditions applicable to obtain a GDPR compliant consent.  Indeed, the Court ruled that the data subjects\' consent to the processing of their personal data was not valid in the following ...
EDPB – The Plenary Meeting Was About Data Protection By Design & Default, Copyright Directive And The Coordinated Enforcement Framework

EDPB – The Plenary Meeting Was About Data Protection By Design & Default, Copyright Directive And The Coordinated Enforcement Framework

The European Data Protection Board (EDPB), a Board reuniting all the EU data protection authorities, met for its 40th plenary session on October 21. During this meeting, the EDPB : adopted the final version of the Guidelines on Data Protection ...
ICO:  £18.4 Million Fine On Marriott For Failing to Detect A Cyber-Attack

ICO: £18.4 Million Fine On Marriott For Failing to Detect A Cyber-Attack

By decision of 30 October 2020, the ICO (i.e., the UK data protection authority) issued an £18.4 million fine on Marriott International Inc for failing to comply with its GDPR security obligation. This decision stems from a cyber attack on Starwood, a company acquired by Marriot in 2016, notified ...
UK: The ICO Fines British Airways £20 Million Following A Personal Data Breach

UK: The ICO Fines British Airways £20 Million Following A Personal Data Breach

The Information Commissioner’s Office (ICO) imposed a fine of  £20m on British Airways (BA) for failing to protect the personal and financial details (payment card details) of more than 400,000 customers. The ICO investigation revealed that the BA had not implemented adequate security measures ...
Germany: €35.3 Million Fine For Excessive Employee’s Monitoring Activities In H&M’s Service Center

Germany: €35.3 Million Fine For Excessive Employee’s Monitoring Activities In H&M’s Service Center

The Hamburg Commissioner for Data Protection and Freedom of Information imposed a 35.3 Million Euros Fine on H&M for illicit HR data procssing carried out in its Service Center based in Nuremberg. Indeed, the Authority discovered that the management team ...
COVID-19: What Processing Operations Can Employer Implement In The French Workplace?

COVID-19: What Processing Operations Can Employer Implement In The French Workplace?

On 23 September 2020, the CNIL published an article reminding employers of the conditions under which they can implement personal data processing for the purpose of fighting the spread of the COVID-19 virus. The CNIL reminds employers and employees/agents of (i)their ...