data protection | In Principle


data protection

GDPR-compliant websites
Ensuring the transparency of websites is vital from the perspective of the GDPR. Persons entering a website must be aware of how their personal data will be processed on the site and for what purpose.
Fines for installing cookies without the user’s consent
Cookies and similar technologies are commonly used marketing tools enabling optimisation of marketing campaigns and more effective targeting of customers. So it comes as no surprise that it’s hard to find a website without a popup window informing users that the site uses cookies, referring the user to the privacy policy and cookies policy for more information. Interestingly, a great majority of these messages are themselves inconsistent with the applicable regulations on data protection, telecommunications, and electronic services.
Data protection and public procurement
A key element of the proposed new Public Procurement Law is to regulate the protection of personal data collected in the course of procurement procedures. Significant exceptions from the general rules of the GDPR are planned. What should they consist of?
Could businesses be sued for data leaks?
When hackers exploited a vulnerability resulting from software not being updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK were leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.
Private enforcement under the GDPR
While the new data protection regulation provides for severe administrative penalties for failure to comply, it is well known that whether a penalty is effective is determined not by its severity but by its inevitability. Even though the personal data protection authority has been given broad powers, it does not have adequate means of exercising them. A solution could be a private enforcement mechanism within the regulation, whereby any person whose data has been breached can independently seek a judicial remedy.
Public procurement in the GDPR era
Contracting authorities have to bear in mind that protected personal data are processed in their procedures. Procedure documentation has to comply with new laws now that the GDPR is in effect.
Employers must maintain a record of processing activities
Today (24 May 2018) is the last day for adjusting business operations to comply with the new requirements of the General Data Protection Regulation. The Article 29 Data Protection Working Party takes the view that under the GDPR, practically all employers must maintain a record of processing activities with respect to their employees’ data.
A clean criminal record is no longer sensitive information
The EU’s General Data Protection Regulation enters into force tomorrow (25 May 2018). The GDPR changes the legal classification of data contained in certificates of a clean criminal record. Unlike other changes in the GDPR, this change represents a step toward liberalisation. How will data of this type be treated?
Medical data—keep or delete?
From 25 May 2018 Polish healthcare institutions will face conflicting rules on how to handle medical documentation under the EU’s General Data Protection Regulation and Polish healthcare laws. The inconsistencies could be eliminated by the new Personal Data Protection Act, but it appears unlikely that work on the new act will end on time. So what should institutions do to limit their regulatory risk?
How will the new ePrivacy Regulation affect the operation of websites?
The General Data Protection Regulation entering into force on 25 May 2018 is not the only privacy revolution in store for the EU. The proposed ePrivacy Regulation is also generating greater and greater controversy and may change the shape of the internet as we know it.
Privacy Shield has been in operation for a year, but will it continue?
The first year of functioning of the Privacy Shield programme will soon end. A review of the programme is scheduled for September 2017. It is designed to be a thorough verification of whether the programme meets the hopes pinned on it and effectively ensures adequate protection of personal data by American recipients of data registered for the programme. The review should also determine the future direction for development of the programme and identify areas requiring improvement.
Privacy Shield up and running
On 12 July 2016 the European Commission adopted a decision under Directive 95/46/EC on the adequacy of the protection provided by the EU–US Privacy Shield, confirming that entities operating in the United States that meet the conditions specified in the Privacy Shield programme will be deemed to provide an adequate level of protection of personal data. This means that it will be permissible to forward personal data to such entities without the need to apply other mechanisms to ensure adequate protection of the data, such as binding corporate rules or approval of the data protection authority.