Digital Single Market: European Parliament adopts new regulation on the free flow of non-personal data in the EU

On October 4, 2018, the European Parliament adopted the proposed EU Regulation on the Free Flow of Non-Personal Data in the European Union. The Regulation aims at removing obstacles to the free movement of non-personal data within the European Union. The Regulation does not cover data mobility outside the EU. The approved Regulation doesn’t have an impact on the application of the General Data Protection Regulation (GDPR), as it does not cover personal data. The two Regulations will function Read more [...]

ANTITRUST FINES OF SEVERAL MILLIONS TO APPLE AND SAMSUNG IN ITALY FOR FORCED UPDATES REDUCING DEVICE FUNCTIONALITY

On October 24, 2018, the Italian Antitrust Authority (Garante della Concorrenza e del Mercato “AGCM”) found that Apple and Samsung infringed the Italian Consumer Code. In particular, according to the AGCM the two companies released firmware updates of mobile phones that have caused serious malfunctions and significantly reduced performance, thereby accelerating the process of replacing them. The AGCM fined the companies the highest amount, taking into account the seriousness of the conduct Read more [...]

EDPS will open consultation on Guidelines on GDPR’s Territorial Scope

On September 26, 2018, the European Data Protection Board (EDPB) met for their third plenary session. During such session the EDPB adopted Guidelines on the GDPR’s Territorial Scope. The guidelines will be subject to a public consultation. The Guidelines aim at clarifying the territorial scope of the GDPR, in particular where the data controller or processor is established outside of the EU. In addition, the plenary meeting: discussed the EU-Japan draft adequacy decision; adopted Read more [...]

German DPA against Facebook for processing data without permission

On October 24, 2017, Advocate General Bot issued his preliminary opinion in case C‑210/16, opining on the definition of a data controller, applicable national law, and jurisdiction under EU data protection law under Directive 95/46/EC. The opinion is not binding but if followed by the European Court of Justice (CJEU), EU companies that have been advertising through Facebook might be considered data controllers and be accused of infringing national data protection laws. After Facebook’s privacy Read more [...]

CNIL publishes analysis of blockchain in light of the GDPR

In September 2018, the French Data Protection Agency, the Commission Nationale de l’informatique et des Libertés (CNIL) published a report explaining how Blockchain relates to the GDPR ("Report"). In particular the Report highlights the following. WHO IS THE CONTROLLER IN A BLOCKCHAIN TRANSACTION. Users of the web who decide to submit a transaction to the validation of miners are data controllers as defined under Article 4, GDPR, since they determine the purposes (such as the objectives Read more [...]