In what is today the biggest fine under the GDPR, the French Data Protection Authority CNIL investigated Google Android transparency in Data procession. The investigation was consecutive to two class actions filed on the 25th of May 2018. One by the Austrian NGO Non Of Your Business (NOYB), another by the French La Quadrature du Net (LQDN). This decision worth a close look.
The General Data Protection Regulation, or “GDPR” – “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. – was published 4 May 2016. Enforceable after a grace period of two year, from the 28th of May 2018.
The General Data Protection Regulation (GDPR) is not against data processing when done in respect with the data subject rights. The amount of electronically available data and curation and storage tools, justify a better protection. Privacy is a Fundamental Human Right, for dignity and freedom.
The General Data Protection Regulation applies to Personal Data. But do we know what exactly defines Personal Data? The UK ICO recently published a clarification document.
The crumbs of information left behind, get aggregated and build a picture, sometimes distorted, that follows us.
Since the UK referendum vote for BREXIT much has been speculated about the situation of the UK with regard to compliance to the GDPR enforceable from 28 May 2018. Although they are uncertainties, the recent UK Information Commissioner speech has reinforced the opinion that UK businesses need to get ready to comply.