French CNIL imposes GDPR penalty of 50 Million euros against Google

The GDPR-related violations that led to the penalty of 50 Million euros for Google are:

1. Lack of transparency and information: the information provided by Google is not easily accessible for users, and some information is not always clear or comprehensive.
2. No legal basis for ads personalization processing: consent is not validly obtained, because the users’ consent is not sufficiently informed and is neither “specific” nor “unambiguous”.


Dutch blacklisted surgeon wins ‘right to be forgotten’ case

A Dutch surgeon formally disciplined for her medical negligence has won a legal action to remove Google search results about her case in a landmark “right to be forgotten” ruling. The judge said that while the information on the website about the doctor’s failings in 2014 was correct, the pejorative name of the blacklist site suggested she was unfit to treat people, and that was not supported by the disciplinary panel’s findings.


Smart glasses and privacy (GDPR)?

Smart glasses are wearable computers with a mobile Internet connection that are worn like glasses or mounted on regular glasses. They can display information in the user’s field of view and capture information from the physical world using, for example, a camera, microphone and GPS receiver for augmented-reality (AR) applications.

Most of the privacy considerations on IoT devices are also applicable for smart glasses:

1. lack of data control by users and especially by non-users;
2. inferences derived from data and repurposing;
3. limitations on the possibility to remain anonymous for the user;
4. lack of anonymity due to the high identifiability of the information being processed;
5. the processing of special categories of data, which requires special safeguards;
6. the security risks attached to mass market products.


Trade or data war preventing Huawei from entering the 5G network in Germany?

Germany is exploring stricter security requirements which may prevent Huawei products being used in its 5G network. Many countries have pushed against the involvement of the Chinese technology firm in their 5G networks over security concerns. The networks represent the next big wave of mobile infrastructure.

In a statement, Huawei said it sees “no rational reason why it should be excluded from building 5G infrastructure in Germany, or indeed in any country in the world.”

Do you think other countries are using network, security and communication technology manufacturers to spy on you or your organisation?


Can Google limit “EU citizen’s right to be forgotten” for searches outside the EU?

A top EU court adviser, Maciej Szpunar, has said that Google can limit the “right to be forgotten” to internet searches made within the European Union. In 2016 Google was fined by France’s privacy watchdog CNIL for failing to delist sensitive information beyond the borders of the EU.

Szpunar’s opinion on the case is: “The fundamental right to be forgotten must be balanced against other fundamental rights, such as the right to data protection and the right to privacy, as well as the legitimate public interest in accessing the information sought.”

This will likely help the search giant, as the European Court of Justice’s judges generally follow the advice of the advocate general, though they are not bound to do so. This endangers the fine of $115,000 from CNIL in March 2016 for failing to delist information across national borders. What is your opinion on this matter?


European Commission adopts adequacy decision on Japan

The Commission has adopted today its adequacy decision on Japan, allowing personal data to flow freely between the two economies on the basis of strong protection guarantees. Before the Commission adopted its adequacy decision, Japan put in place additional safeguards to guarantee that data transferred from the EU enjoy protection guarantees in line with European standards.

This includes:

– A set of rules (Supplementary Rules) that will bridge several differences between the two data protection systems.
– The Japanese government also gave assurances to the Commission regarding safeguards concerning the access of Japanese public authorities for criminal law enforcement and national security purposes, ensuring that any such use of personal data would be limited to what is necessary and proportionate and subject to independent oversight and effective redress mechanisms.
– A complaint-handling mechanism to investigate and resolve complaints from Europeans regarding access to their data by Japanese public authorities. This new mechanism will be administered and supervised by the Japanese independent data protection authority.



EU Guidelines on personal data breach notification

For the European Union Institutions and Bodies these Guidelines provide recommendations and indicate best practices to implement accountability for personal data protection by helping to assess and manage the risks for data protection, privacy and other fundamental rights of individuals in case of a personal data breach.

The Guidelines describe:

– What a personal data breach is
– How to assess a personal data breach
– How to notify a personal data breach to the EDPS
– How to communicate a personal data breach to the data subject
– How to document a personal data breach