Enforcement cooperation repository / Document library
Find information provided by the Global Privacy Assembly members or by networks of data protection/privacy authorities, including highlights of their activities in their jurisdictions. Search for the keyword of your choice, which could be the name of an authority you are interested in or a topic of interest.
Network or Authority | Resource | Type of Resource | Description of Resource | Upload date |
---|---|---|---|---|
Germany - Bundeskartellamt (Federal Cartel Office) | Facebook Decision of 7 February 2019 | News | Press release (text) | 29/8/2019 |
Germany - Bundeskartellamt (Federal Cartel Office) | Facebook Decision of 7 February 2019 | Enforcement Action | Q & A (for download) | 29/8/2019 |
Germany - Bundeskartellamt (Federal Cartel Office) | Facebook Decision of 7 February 2019 | Enforcement Action | Case Summary (for download) | 29/8/2019 |
Germany - Bundeskartellamt (Federal Cartel Office) | Preliminary assessment in Facebook proceeding of 19 Dec 2017 | News | Press release (text) | 29/8/2019 |
Germany - Bundeskartellamt (Federal Cartel Office) | Preliminary assessment in Facebook proceeding of 19 Dec 2017 | Enforcement Action | Background Information (for download) | 29/8/2019 |
Catalan Data Protection Authority | Applicable Laws | Regulation | This section of the web includes national and international legislation, and the regulatory legislation of the APDCAT. | 29/8/2019 |
Catalan Data Protection Authority | Provisions adopted by the APDCAT | Regulation | This section includes the Instruction 1/2009 of February on the processing of personal data using cameras for video surveillance purposes; Guidance regarding the publication of the ID number; Recommendation 1/2008 on the transmission by Internet of information containing personal data; Recommendation 1/2013 on the use of email in the work environment (both Recommendations available in English version), and the Audit report on the portals of transparency. | 29/8/2019 |
Catalan Data Protection Authority | Resolutions, opinions and reports | Other | The law authorises APDCAT to exercise, among others, the function of resolving claims made by the persons concerned as regards their rights. This law also empowers the Authority to carry out inspections and impose penalties, as well as to issue authorisations for exemption from the duty of information in the collection of data and for the integral maintenance of certain data. APDCAT also attends to requests for information and enquiries made by citizens or entities that fall within its scope of action. This section includes Opinions and Resolutions regarding this function. It also includes the APDCAT reports in application of Transparency legislation. | 29/8/2019 |
Catalan Data Protection Authority | Guidelines | Guidance | This section includes Guidelines prepared by APDCAT: Guidelines regarding data protection impact assessment (DPIA) (available in English); “GDPR Data Processor Guide”, prepared by the APDCAT in conjunction with the Spanish Data Protection Agency and the Basque Data Protection Agency (available in English); and “Guide to comply the obligation to inform according to the GDPR”, prepared in conjunction with the Spanish Data Protection Agency and the Basque Data Protection Agency. | 29/8/2019 |
Catalan Data Protection Authority | Education and children privacy | Guidance | Information about how children and young people can surf the internet without problems and how they should protect their personal information, including clear examples of the risks they run by posting personal information on the internet or passing it on by mobile phone. It also includes the “Data Protection Guidelines for Schools” (English version), and some guides addressed to children. | 29/8/2019 |
Catalan Data Protection Authority | Press-releases (News) | News | In this section of the website you will find information regarding training activities, conferences and symposiums organized by the APDCAT or in which it participated. | 29/8/2019 |
Catalan Data Protection Authority | Smart Cities | | Aware of the implications that the development of Smart Cities may have for personal data and privacy rights, this section includes a document for debate, a bibliography, and audio-visual materials to contribute to the debate on this issue. | 29/8/2019 |
Netherlands - Dutch Data Protection Authority (Autoriteit Persoonsgegevens, NL DPA) | Annual report 2018 | Report | | 29/8/2019 |
Netherlands - Dutch Data Protection Authority (Autoriteit Persoonsgegevens, NL DPA) | Supervisory framework 2018-2019 | Report | | 29/8/2019 |
Netherlands - Dutch Data Protection Authority (Autoriteit Persoonsgegevens, NL DPA) | Hospital fined for insufficient internal protection of patient files | News | | 29/8/2019 |
Netherlands - Dutch Data Protection Authority (Autoriteit Persoonsgegevens, NL DPA) | Letter on cookies and consent | News | | 29/8/2019 |
Netherlands - Dutch Data Protection Authority (Autoriteit Persoonsgegevens, NL DPA) | Almost 10.000 complaints filed at Dutch Data Protection Authority | News | | 29/8/2019 |
Netherlands - Dutch Data Protection Authority (Autoriteit Persoonsgegevens, NL DPA) | Uber fined by Dutch DPA for data breach (available in English) | News | | 29/8/2019 |
Germany - Federal Commissioner for Data Protection and Freedom of Information | Statement on Bundeskartellamt Facebook decision of 7 February 2019 | News | | 29/8/2019 |
Germany - Federal Commissioner for Data Protection and Freedom of Information | Statement “Federal Commissioner for Data Protection and Freedom of Information approves pursuant to Art. 46 (3) b GDPR a multilateral administrative arrangement concluded by ESMA and IOSCO on cross-border data transfers”, issued on 24th April 2019 (German) | News | | 29/8/2019 |
Germany - Federal Commissioner for Data Protection and Freedom of Information | Statement on “Mobile Payments – but not with my personal data”, issued on 5th February 2019 as press release 05/2019 (German language only) | News | | 29/8/2019 |
Germany - Federal Commissioner for Data Protection and Freedom of Information | Press release on “The First Anniversary of the GDPR - a Success with Potential for Further Growth”, issued on 25 May 2019 | News | | 29/8/2019 |
Germany - Federal Commissioner for Data Protection and Freedom of Information | Statement of 26 April 2019 on Facebook-Cambridge-Analytica | News | | 29/8/2019 |
Germany - Federal Commissioner for Data Protection and Freedom of Information | “Hambach Declaration” on Artificial Intelligence | Other | | 29/8/2019 |
Switzerland - Federal Data Protection and Information Commissioner | Guide on digital processing in connection with elections and voting | Guidance | Guide by the data protection authorities of the Confederation and the Cantons on the application of data protection laws to digital processing in connection with elections and voting in Switzerland. | 29/8/2019 |
Switzerland - Federal Data Protection and Information Commissioner | The GDPR and its consequences for Switzerland | Regulation | | 29/8/2019 |
Switzerland - Federal Data Protection and Information Commissioner | Annual report 2018-2019 | Report | | 29/8/2019 |
Gibraltar Regulatory Authority | Global Privacy Enforcement Network Sweep 2018 | News | Press release. On a yearly basis, the Gibraltar Regulatory Authority participates in the Global Privacy Enforcement Network’s (“GPEN”) annual intelligence gathering operation, called a “Sweep”. In 2018 the Sweep looked at how well organisations have implemented the core concepts of accountability into their own internal privacy policies and programmes. Locally, the GRA focussed on privacy accountability in the telecommunications sector. In short, the study looked at how organisations have taken responsibility for complying with data protection laws. | 29/8/2019 |
Gibraltar Regulatory Authority | Guidance on the Information Commissioner’s Regulatory Action | Guidance | This guidance note provides guidance on the regulatory action that the Information Commissioner may take under the Data Protection Act 2004 and the General Data Protection Regulation. In addition to this it provides information on how the Information Commissioner proposes to exercise his functions in connection with information notices, assessment notices, enforcement notices, and penalty notices. | 29/8/2019 |
Gibraltar Regulatory Authority | 2017/2018 Annual Report | Report | This Annual Report of the Gibraltar Regulatory Authority was prepared in accordance with Section 19 (1) of the Gibraltar Regulatory Act 2000 and covers the period 1st April 2017 to 31st March 2018. The Annual Report includes outcomes and decisions made by the Information Commissioner regarding investigations and data breaches and a section on the Gibraltar Regulatory Authority’s international participation in Data Protection related events and conferences. Please refer to pages 25 to 36 for a summary of the work done by the Information Rights Division of the Gibraltar Regulatory Authority. In particular, page 34 contains a summary of the enforcement action taken by the authority in the relevant financial year. | 29/8/2019 |
Gibraltar Regulatory Authority | Data Protection Act 2004 | Regulation | When the Data Protection Act 2004 was implemented, it granted new rights to individuals regarding how their personal data are collected and used by both private and public sector bodies. In addition to this, those bodies are obliged to obey rules governing how they collect and use data. Amendments were made in 2018 in order to implement into the law of Gibraltar the General Data Protection Regulation. | 29/8/2019 |
Gibraltar Regulatory Authority | Communications (Personal Data and Privacy) Regulations 2006 | Regulation | In Gibraltar, electronic direct marketing is regulated by the Data Protection Act 2004, the General Data Protection Regulation and the Communications (Personal Data and Privacy) Regulations 2006. In particular, in accordance with regulation 23 of the Privacy Regulations, direct marketing via electronic mail should only be conducted where an individual has given prior consent, unless the contact is with previous customers about similar products, and where an opt-out from marketing was provided to the individual when their details were collected. The Information Commissioner has enforcement powers under the Privacy Regulations. | 29/8/2019 |
United Kingdom - Information Commissioner's Office (ICO) | Investigation into data protection compliance in the direct marketing data broking sector | Investigation Report | A report on the ICO’s investigation into the offline marketing services of the data broker industry, including key findings and action taken. | 03/02/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Experian enforcement notice | Enforcement Notice | Notice compelling Experian to make changes to how it handles personal data within its direct marketing services. | 03/02/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Investigation into the use of data analytics in political campaigns | Report | ICO’s report to the UK Parliament on its investigation into data analytics for political purposes, plus a further update report and associated materials. | 29/8/2019 |
United Kingdom - Information Commissioner's Office (ICO) | Equifax Limited Monetary Penalty Notice | Enforcement Action | Notice confirming imposition of £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during a cyber-attack in 2017. | 29/8/2019 |
United Kingdom - Information Commissioner's Office (ICO) | Smarthome Protection Limited Monetary Penalty Notice | Enforcement Action | Notice confirming imposition of £90,000 fine for making 118,000 unlawful marketing calls to people registered with the Telephone Preference Service (TPS) who wished to opt out of receiving such calls. | 29/8/2019 |
United Kingdom - Information Commissioner's Office (ICO) | Update report into Adtech and real time bidding | Policy and Research? | A report which clarifies the ICO’s views on Adtech, specifically the use of personal data in Real Time Bidding in the online advertising industry, and sets out the ICO’s intended next steps. | 29/8/2019 |
United Kingdom - Information Commissioner's Office (ICO) | Security Outcomes guidance | Guidance | Joint security principles between the UK National Cyber Security Centre and the ICO. | 29/8/2019 |
United Kingdom - Information Commissioner's Office (ICO) | Explaining Decisions Made with AI | Guidance | This co-badged guidance by the ICO and The Alan Turing Institute aims to give organisations practical advice to help explain the processes, services and decisions delivered or assisted by AI, to the individuals affected by them. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Guidance on AI and Data Protection | Guidance | This guidance covers what we think is best practice for data protection-compliant AI, as well as how we interpret data protection law as it applies to AI systems that process personal data. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | ICO investigation into how the police use facial recognition technology in public places | Report | ICO investigation into the use of live facial recognition (LFR) technology by law enforcement in England and Wales. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Mobile phone data extraction by police forces in England and Wales | Report | ICO investigation into the process known as Mobile Phone Extraction (MPE), used by police forces when conducting criminal investigations in England and Wales. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Joint statement on global privacy expectations of Video Teleconferencing companies | Other | An open letter to companies providing Video Teleconferencing (VTC) services, written by a subset of the global privacy regulatory community, with responsibility for protecting the privacy rights of citizens across the world. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | ICO – OAIC Memorandum of Understanding | Other | A Memorandum of Understanding (MoU) between the UK Information Commissioner’s Office and the Office of the Australian Information Commissioner. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | ICO Annual Report 2019-20 | Report | The UK ICO’s Annual Report and Financial Statements 2019-20. The report is split into three sections, covering our Performance report, our Accountability report, and our Financial statements. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Regulatory Priorities 2020-21 Infographic | Other | Priorities during COVID-19 and beyond – 2020-21. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Regulatory Sandbox Final Report – JISC | Report | A summary of Jisc’s participation in the ICO’s Regulatory Sandbox Beta (June 2020). | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Regulatory Sandbox Final Report – Heathrow Airport Ltd | Report | A summary of Heathrow Airport’s participation in the ICO’s Regulatory Sandbox Beta (June 2020). | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Monetary Penalty Notice – Doorstep Dispensaree | Enforcement Action | A penalty notice issued by the ICO to Doorstep Dispensaree Limited under s.155 of the Data Protection Act 2018. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Monetary Penalty Notice – Cathay Pacific | Enforcement Action | A monetary penalty issued by the ICO to Cathay Pacific under s.55A of the Data Protection Act 2018. | 25/08/2020 |
United Kingdom - Information Commissioner's Office (ICO) | Monetary Penalty Notice – DSG Retail | Enforcement Action | A monetary penalty issued by the ICO to DSG Retail Limited under s.55A of the Data Protection Act 2018. | 25/08/2020 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Privacy Notice Generator for the private sector | Tool | The Privacy Notice Generator (GAP) is a computer tool available on the INAI website, through which privacy notices can be made with the informative elements required by the standard. This tool is free of charge. With this tool, the Institute makes it easier for the subjects regulated by the LFPDPPP to fulfil their obligation to make available to data subjects privacy notices that meet the requirements of the standard. It also helps data subjects to have privacy notices that efficiently inform them of the main characteristics of the processing to which their personal data will be submitted, so that they can make accurate decisions regarding their personal information. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guide to comply with the principles and duties of the Federal Law on Protection of Personal Data Held by Private Parties | Guidance | In July 2014, the compliance Guide for the principles and duties of the Federal Law on Protection of Personal Data Held by Private Parties was published. The purpose of this guide is to help and guide data controllers to: 1. Recognize the personal data protection obligations imposed on them by the LFPDPPP, its Regulations and other related outcomes. 2. Diagnose their organization to learn how personal data is processed (personal data flow) and what its current status of compliance with its obligations is. 3. Know the minimum actions and controls that they must perform and establish to fulfil their obligations in the matter. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Corpus Iuris on personal data protection | Tool | The Corpus Iuris project on Personal Data Protection arises within the Ibero-American Data Protection Network, with the aim of providing a tool that allows simple and systematized access to a large set of documents, standards and precedents that show how the protection of personal data has developed as a human right, the degree of progress it has reached, and the areas that need to be reinforced, that need further development, or that represent new challenges in the matter. The Corpus Iuris tool on Personal Data Protection is composed of two sections: one dedicated to international documents and another to national documents of the different countries that constitute the Ibero-American Data Protection Network. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Generator of Privacy Notices for the Public Sector | Tool | The Generator of Privacy Notices for the Public Sector is a computer tool that allows public sector data controllers to issue their privacy notices in any of the modalities provided for in the General Law on Protection of Personal Data Held by Obligated Parties and the General Guidelines for the Protection of Personal Data for that sector, by systematizing the information in a dynamic questionnaire divided into sections, which include interactive support elements per question, so data controllers, without being specialists in the field, may be able to prepare their privacy notices based on the processing of personal data they perform, in an editable format. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guide to Prevent Identity Theft | Guidance | It is intended to give people information on how to protect their personal data and thus reduce the risk of becoming victims of this crime. The Guide to Prevent Identity Theft helps answer questions such as: What is identity theft? How can identity theft affect you? How can your identity be stolen? How can you protect your identity? How do I know if I have been a victim of identity theft? What should I do if my information was lost or exposed? What should I do if I have been a victim of identity theft? Where or to whom should I go? The Guide also includes: ten useful tips to prevent identity theft; real cases; and a self-assessment to identify how vulnerable each person is to identity theft. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Monsters online | Tool | This series is a multi-platform initiative (television series, interactive guides, online games, electronic books, among others), designed to support children, families and educators in creating good habits for the safe (with protection of personal data and privacy) and helpful use of information and communication technologies. The transmission of the series Monsters in Network started on September 4, 2017, via Canal Once, Once Niños and the YouTube Kids channel, as well as the YouTube channels of Sesame Street and INAI. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guide for Data Subjects | Guidance | The Guide for Data Subjects aims to explain, in a simple way, what the right to the protection of personal data is, why it is important to take care of your personal information, how data subjects can exercise the right and to whom they can complain if they consider that their right has not been respected. The purpose is to spread knowledge of this human right, so that people can exercise it in an informed way and when required in order to protect their interests. The Guide is divided into four volumes, in order to make consultation simpler. These volumes are: Volume 1. General Concepts of personal data protection; Volume 2. Guiding principles of personal data protection; Volume 3. The ARCO Rights; Volume 4. Personal data procedures according to the INAI. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guidelines to keep your privacy and personal data safe in a digital environment | Guidance | The Recommendations to keep your privacy and personal data safe in the digital environment (Recommendations for the digital environment or Recommendations), are intended to explain, in a clear and simple way, a series of practical tips on security settings, mobile applications and software in general (free or with cost), which are considered useful for users or holders of personal data to keep their privacy and personal data secure in the digital environment. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guide for the processing of biometric data | Guidance | Guide aimed at data controllers and data processors of the public and private sectors, who are currently seeking or processing biometric data through digital or automated means, in order for the processing to be carried out in accordance with the principles, duties and obligations established in the LFPDPPP (in Spanish) and the LGPDPPSO (in Spanish), as well as other applicable regulations. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Handbook on personal data security for MSMEs and small organizations | Guidance | The handbook aims to provide data controllers and data processors who do not have technical knowledge in the field of security, a free and easy-to-understand document, that takes as a reference the main criteria and concepts of the Recommendations regarding security of personal data, issued by the INAI, for the identification and implementation of basic security controls for the protection of personal data. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guide for the secure erasing of personal data | Guidance | The Guide provides data controllers with the recommended methods and techniques for the safe disposal of personal data, which prevent unauthorized recovery and misuse. The Guide for Secure Erasing of Personal Data answers questions such as: What is secure erasure? Why is secure erasure important? What are the benefits of secure erasure? What methods do not securely erase personal data? How to safely erase personal data? And what is the most convenient secure erase method? | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Recommendations for handling personal data security incidents | Guidance | The objective of the Recommendations for handling personal data security incidents is to describe the processes and controls recommended by the Institute to generate a security incident response plan, in particular to mitigate personal data security breaches. These recommendations will help and guide data controllers to: 1. Recognize the differences between alerts and security incidents; 2. Develop a plan to respond to security incidents, in accordance with international standards; 3. Use reference formats to document security incidents. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Minimum Criteria suggested for the contracting of Cloud Computing services that involve the processing of personal data | Guidance | The document aims to establish minimum considerations to guide data controllers for the selection and hiring of cloud computing providers. The objective is that the infrastructure services, platforms and software of the so-called cloud computing offer the guarantees of a due processing of personal data, in order to comply with the obligations established by the regulations in the matter and avoid personal data breaches. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Breaches Evaluator | Tool | The Breaches Evaluator is a tool that allows users (data controllers or obliged parties of the Federal Law on Protection of Personal Data Held by Private Parties and the General Law on Protection of Personal Data Held by Obligated Parties) to register and document existing and missing security measures that help them to minimize the occurrence and impact of personal data security breaches. The tool consists of a series of closed questions related to risks in the processing of personal data. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guiding document for the elaboration of the Protection of Personal Data Program | Guidance | This document guides data controllers in developing a Personal Data Protection Program based on a management system that provides the elements and activities for the management, operation and control of the organization's processes, in order to systematically and continuously protect the personal data in their possession. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guiding document for the elaboration of the Protection of Personal Data Program (Annexes) | Guidance | The annexes are a compendium of ten documents that complement the guiding document for the elaboration of the Personal Data Protection Program. These documents identify the general actions, in addition to the specific ones that each administrative unit of the obligated parties will have to perform, to fulfill their obligations regarding personal data protection. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guide to implement a Personal Data Management System | Guidance | The Guide to implement a Personal Data Security Management System, is based on the Plan–Do–Check–Act cycle, because, through the execution of 9 actions for the security of personal data through a process of continuous improvement, an acceptable level of risk in the processing of personal information is achieved, depending on the model and objectives of the organization. This Guide consists of an exercise of precision, synthesis and harmonization of international standards and best practices in the field of personal data security. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Article 16, second paragraph of the Political Constitution of the United Mexican States | Regulation | Its purpose is to recognize the fundamental right to the protection of personal data in Mexico. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) and its Additional Protocol regarding supervisory authorities and transborder data flows, made in Strasbourg, France, on January 28, 1981, a | Regulation | They have the objective of guaranteeing, in the territory of each Party, to any natural person, regardless of their nationality or residence, the respect for their fundamental rights and freedoms, specifically their right to privacy with respect to the automated processing of personal data ("data protection"). | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | General Law on Protection of Personal Data Held by Obligated Parties | Regulation | It seeks to establish the bases, principles and procedures to guarantee the right to the protection of personal data held by any authority, entity, body and agency of the Executive, Legislative and Judicial Powers, autonomous bodies, political parties and trusts and public funds in the federal, state and local sphere. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | General Guidelines for the Protection of Personal Data for the Public Sector | Regulation | They intend to develop the provisions set forth in the General Law on Protection of Personal Data Held by Obligated Parties, particularly for the federal public sector. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | General Guidelines for the National Institute for Transparency, Access to Information and Personal Data Protection to exercise the power of attraction | Regulation | They are intended to recognize the elements that the Institute must assess in the exercise of its power of attraction over those reviews or appeals that fall within the original competence of the supervisory agencies of the federal entities but which, because of their interest and importance for the protection of personal data, the Institute must hear and resolve when approved by the majority of its Commissioners. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guidelines that establish the parameters, modalities and procedures for the portability of personal data | Regulation | Its objective is to establish the parameters that determine the assumptions that underlie a structured and commonly used format, as well as the technical standards, modalities and procedures for the transmission of personal data. This, in order to guarantee the exercise of the right to data portability referred to in article 57 of the General Law or those that correspond in Federal entities’ legislations on this matter. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | General criteria for the implementation of compensatory measures in the public sector of the federal, state and municipal order | Regulation | Its purpose is to establish the parameters through which any authority, agency, entity, body or agency of the Executive, Legislative and Judicial Powers, autonomous constitutional bodies, administrative courts, trusts and public funds, of the federal, state and municipal order, as well as political parties, may implement compensatory measures. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | General administrative provisions for the preparation, presentation and evaluation of Data Protection Impact Assessment | Regulation | The objective is to establish the general framework applicable in the preparation, presentation and assessment of Data Protection Impact Assessment | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Federal Law on Protection of Personal Data Held by Private Parties | Regulation | It has the purpose of protecting personal data held by private parties, in order to regulate its legitimate, controlled and informed processing, to ensure the privacy and the right to informational self-determination of individuals. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Regulations to the Federal Law on the Protection of Personal Data Held by Private Parties | Regulation | Its purpose is to regulate the provisions of the Federal Law on Protection of Personal Data Held by Private Parties. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Privacy Notice Guidelines | Regulation | They are intended to establish the content and scope of privacy notices, in terms of the provisions established in the Federal Law on Protection of Personal Data Held by Private Parties and in its Regulations. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guidelines for Procedures of Protection of Rights, Investigation and Verification, and Sanctions | Regulation | They have the objective to develop, inform and specify the formalities that must be observed during the procedures for the protection of rights, verification and imposition of sanctions, in terms of the provisions set forth in the Federal Law on Protection of Personal Data Held by Private Parties and in its Regulations. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Self-regulation Parameters regarding Personal Data Protection | Regulation | They intend to establish rules, criteria and procedures for the correct development and implementation of the binding self-regulation schemes on personal data protection, referred to in article 44 of the Federal Law on Protection of Personal Data Held by Private Parties and in articles 79, 80, 81, 82, 83, 84, 85 and 86 of its Regulations. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | General criteria for the implementation of compensatory measures without the express authorization of the Federal Institute for Access to Information and Personal Data Protection | Regulation | Its purpose is to establish the general framework through which those data controllers can implement, without the express authorization of the Federal Institute for Access to Information and Data Protection, the compensatory measures of mass communication referred to in articles 18, last paragraph, of the Federal Law on Protection of Personal Data Held by Private Parties, and 32, first paragraph, of its Regulations. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Operation rules of the Registry of Binding Self-Regulation Schemes | Regulation | The objective is to define and describe the operational aspects and necessary procedures for the operation of the Registry of Binding Self-Regulation Schemes on personal data protection set forth in Article 86 of the Regulations of the Federal Law on Protection of Personal Data Held by Private Parties and Chapter V of the Self-Regulation Parameters regarding Personal Data Protection. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Guidelines for the use of hyperlinks on a website of the National Institute for Transparency, Access to Information and Personal Data Protection, to publicize privacy notices through compensatory measures | Regulation | They intend to establish the criteria, conditions and procedure so that those data controllers can provide privacy notices through the implementation of compensatory measures through hyperlinks located on a website of the National Institute for Transparency, Access to Information and Personal Data Protection, in accordance with article 35, section IV, of the Regulations of the Federal Law on Protection of Personal Data Held by Private Parties and Seventeenth, section IV, of the General criteria for the implementation of compensatory measures without the express authorization of the Federal Institute for Access to Information and Personal Data Protection. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Case “Classification of personal data of the Interbank CLABE” | Enforcement Action | A complaint was filed against a financial institution, since it improperly provided the complainant's standardized interbank key (CLABE) to a third party. Three fines were imposed which, in total, amounted to $ 17,495,400.00 Mexican pesos, for contravening the principles of responsibility and lawfulness and for breaching the duty of confidentiality, having delivered a document containing the complainant's CLABE to a third party. In addition, the financial institution transferred personal data of patrimonial character without obtaining the data subject's express consent. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Case “Higher fine imposed by the INAI” | Enforcement Action | A complaint was received against a financial institution, since it signed an automobile credit agreement with the complainant, through which it obtained some personal data, including sensitive personal data related to health status of the data subject and of her spouse who was not part of the contract. This, without providing a privacy notice. After substantiating the procedure, it was determined to impose three fines: $ 4,787,591.00 Mexican pesos for treating personal data in violation of the principles of information, proportionality and legality; $ 9,272,100.00 Mexican pesos since the financial institution collected sensitive personal data from the spouse of the complainant without obtaining their express consent; and $ 8,673,900.00 Mexican pesos due to the fact that a sensitive database was maintained without justifying its existence. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Case “Access to clinical file” | Enforcement Action | A procedure for imposing sanctions against a hospital was initiated because a data subject submitted a request for the protection of her rights. This, because the data controller did not respond to the data subject’s request for access to a certified copy of the entire clinical record which was generated when she was admitted to the Hospital for the birth of her son. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | INAI resolved a file regarding the illegal disclosure of a child's health condition | Enforcement Action | The INAI received a complaint regarding the publication, in an electronic public access portal, of sensitive personal data of a minor (name associated with health condition for which she was treated as a beneficiary of medical expenses insurance contracted by the data controller). | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | INAI resolved a file regarding a person who argues the illegal disclosure of their personal data in a WhatsApp group | Enforcement Action | The INAI received a complaint regarding the disclosure of a personal data format collected by the human resources area of the obligated party through a private WhatsApp chat. In this regard, the guarantor body developed a prior investigation and the substantiation of the respective verification procedure regarding personal data protection, after which the improper dissemination of personal data was deemed accredited. It was resolved that the obligated party (data controller) breached the principle of legality, as well as the duties of confidentiality and security. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Processing of personal data of minors by a child care center | Enforcement Action | A complaint was received alleging a breach of the Federal Law on Protection of Personal Data Held by Private Parties. The breach involved the allegation that the data controller had published, on Facebook, photographs of minors, including the complainant's son, without having obtained the complainant's consent. | 29/8/2019 |
Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) | Disclosure of Personal Data on the Internet | Enforcement Action | This Institute noticed that the data controller allegedly disclosed, on the Internet, proof of residency and bank statements, which contain personal data including names, addresses and property data of third parties, without requiring any type of authentication for consultation, so that it is freely accessible. For this reason, an ex-officio verification procedure was initiated. | 29/8/2019 |
Australia - Office of the Australian Information Commissioner | Guide to securing personal information | Guidance | | 29/8/2019 |
Australia - Office of the Australian Information Commissioner | NDB 12 month insights report | Report | | 29/8/2019 |
Australia - Office of the Australian Information Commissioner | OAIC guide to regulatory action | Other | | 29/8/2019 |
Australia - Office of the Australian Information Commissioner | PIA e-learning tool | Other | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Report of findings: Joint investigation of Facebook, Inc. by the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia | Enforcement Action | Findings from our investigation into Facebook’s practices surrounding the disclosure of personal information to apps, including those related to the Cambridge Analytica scandal. We found that Facebook did not obtain meaningful consent, had inadequate safeguards and demonstrated a lack of accountability for the personal information within their control. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Report of Findings: Joint investigation of Ashley Madison by the Privacy Commissioner of Canada and the Australian Privacy Commissioner/Acting Australian Information Commissioner | Enforcement Action | Analysis against Canadian and Australian privacy law of the privacy practices of AshleyMadison.com (a dating website operated by a relatively small Canadian based business) after a large global privacy breach in 2015. It covers the following topics: adequacy of security practices (including security governance), indefinite retention of personal information, charging of fees for deletion of personal information, adequacy of measures to ensure accuracy of personal information (in this case the actual identity of site users), and requirements for consent and transparency. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Report of Findings: Investigation into Equifax Inc. and Equifax Canada Co.’s compliance with PIPEDA in light of the 2017 breach of personal information | Enforcement Action | This report includes analysis against Canadian privacy law of the privacy practices of Equifax Canada and Equifax Inc. (credit reporting agencies) after a large global data breach in 2017. It covers the following topics: adequacy of security practices (including governance, vulnerability management, and network segregation), indefinite retention of personal information, accountability and consent required for the flow of information between Equifax Canada and its parent Equifax Inc. (located outside of Canada), adequacy of post-breach remediation offered to affected individuals. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Gaming and personal information: playing with privacy | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Joint guidance with the Chief Electoral Officer on political parties to help political parties protect the personal information of Canadians | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Cannabis Guidance | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Your privacy at airports and borders | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Mandatory Breach reporting guidance | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Guidelines for obtaining meaningful consent | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Guidance on inappropriate data practices | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Draft Position on Online Reputation | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Direct-to-consumer genetic testing guidance | Guidance | | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Technology Factsheets | Guidance | Fact Sheets with quick tips and suggestions to easily implement online privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Staying safe on social media | Guidance | Fact Sheets with quick tips and suggestions to easily implement online privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Tips for using privacy settings | Guidance | Fact Sheets with quick tips and suggestions to easily implement online privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Tips for creating and managing your passwords | Guidance | Fact Sheets with quick tips and suggestions to easily implement online privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Printable graphics with general guidance and advice for organisations and the public | Guidance | Printable graphics that include top tips to help the public understand their privacy rights. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Privacy education for kids | Guidance | Resources for both teachers and parents in terms of promoting privacy protection for children of various ages. This includes activity sheets, topics to talk about, quizzes and videos. It includes “house rule” suggestions for parents who wish to protect their children’s privacy in the home. It also focuses on how teachers or parents can encourage online privacy on a daily basis. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | 5 Tips for Protecting Yourself Online | Guidance | Printable information cards. Each of these information cards is targeted to the public, using quick tips and vibrant graphics. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | 5 Ways to Safeguard Your Mobile Device | Guidance | Printable information cards. Each of these information cards is targeted to the public, using quick tips and vibrant graphics. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | The Internet of Things: 4 Steps for Reducing Your Privacy Risk | Guidance | Printable information cards. Each of these information cards is targeted to the public, using quick tips and vibrant graphics. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | 5 Tips for Raising a Privacy Concern with a Business | Guidance | Printable information cards with tips and advice on how individuals, children and Canadians in general, can protect their own privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Help Protect Kids’ Online Privacy | Guidance | Printable information cards with tips and advice on how individuals, children and Canadians in general, can protect their own privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Know your privacy rights | Guidance | Printable information cards with tips and advice on how individuals, children and Canadians in general, can protect their own privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | 10 tips for protecting personal information | Guidance | Printable information cards with tips and advice on how individuals, children and Canadians in general, can protect their own privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Be privacy powerful: Check and adjust your privacy settings | Guidance | This video provides guidance on how Canadians can control their privacy settings online and lists advice on how to increase your privacy power. The video also discusses what privacy controls are available to individuals who are online. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Be privacy powerful: Use strong passwords | Guidance | This video explains the importance of, and tips for, making strong and hard to guess passwords in order to strengthen online privacy. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Be privacy powerful: Know how to access your personal information | Guidance | This video provides guidance on how Canadians can access their personal information, and includes steps they can take to obtain access, as well as obligations of organizations and government institutions, and exemptions to access [as listed in the legislation]. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Be privacy proficient: Get meaningful consent | Guidance | This video provides guidance on how organizations must obtain meaningful consent prior to collecting personal information from individuals. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Privacy Tech-Know blogs | Policy and Research | Blogs offer technology analysis and cover topics such as cryptography and public-key cryptography; and artificial intelligence. | 29/8/2019 |
Canada - Office of the Privacy Commissioner of Canada (OPC) | Privacy Enhancing Technologies – A Review of Tools and Techniques | Policy and Research | This report discusses Privacy Enhancing Technologies that can help address risks to privacy that are becoming more apparent over time. This report touches on a variety of sub-topics, such as informed consent, data tracking, technical enforcement, and plans for progression using PET. | 29/8/2019 |
Hong Kong - Privacy Commissioner for Personal Data | Hong Kong SAR and Korea signed MOU to foster Personal Data Privacy Protection (29 November 2002) | News | | 29/8/2019 |
Hong Kong - Privacy Commissioner for Personal Data | PCPD Signs Joint Declaration on Privacy Research, Education and Policy Co-operation in Asian Region (10 November 2016) | News | | 29/8/2019 |
Hong Kong - Privacy Commissioner for Personal Data | Hong Kong and Singapore Sign MOU to Strengthen Cooperation in Personal Data Protection | News | | 29/8/2019 |
Hong Kong - Privacy Commissioner for Personal Data | Findings in the investigation on a data breach of Cathay Pacific Airways affecting 9.4 million passengers worldwide | Enforcement Action | | 29/8/2019 |
OAIC | Guide to Securing Personal Information | Guide | This ‘Guide to Securing Personal Information’ (Guide) provides guidance on the reasonable steps entities are required to take under the Privacy Act 1988 (Cth) (Privacy Act) to protect the personal information they hold from misuse, interference, loss, and from unauthorised access, modification or disclosure. | 5/11/2021 |
OAIC | Notifiable Data Breaches Report: July–December 2020 | Report | The Office of the Australian Information Commissioner (OAIC) periodically publishes statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme to assist entities and the public to understand the operation of the scheme. This report captures notifications made under the NDB scheme for the period from 1 July to 31 December 2020. | 5/11/2021 |
OAIC | OAIC guide to privacy regulatory action | Guide | The Guide to Privacy Regulatory Action sets out a detailed explanation of particular privacy regulatory powers, looking at the legislative framework and purpose of the power, and the procedural steps the Office of the Australian Information Commissioner will take in the exercise of the regulatory power. | 5/11/2021 |
OAIC | PIA e-learning tool | E-learning tool | Office of the Australian Information Commissioner’s (OAIC) eLearning course on conducting a privacy impact assessment (PIA). | 5/11/2021 |
APEC | Cross Border Privacy Enforcement Arrangement | Privacy Enforcement Arrangement | The APEC Cross-border Privacy Enforcement Arrangement (CPEA) creates a framework for regional cooperation in the enforcement of Privacy Laws. Any Privacy Enforcement Authority (PE Authority) in an APEC economy may participate. | 5/11/2021 |
PCPD | The Privacy Commissioner for Personal Data, Hong Kong, China and United Kingdom Information Commissioner Signed MOU | Press Release | The Privacy Commissioner for Personal Data, Hong Kong, China and the United Kingdom Information Commissioner signed a Memorandum of Understanding on 29 July 2020, demonstrating that the two authorities would work together where necessary when our citizens’ data is at risk. | 5/11/2021 |
PCPD | Instant Messaging App Changed its Terms of Service and Privacy Policy – The Privacy Commissioner Appealed to Users to Carefully Consider the New Terms | Press Release | The Privacy Commissioner for Personal Data, Hong Kong, China noted that WhatsApp had announced in January 2021 changes to its Terms of Service and Privacy Policy and appealed to WhatsApp to take four suggested actions. | 5/11/2021 |
PCPD | The Privacy Commissioner Welcomes WhatsApp’s Acceptance of Suggestions to Provide Alternatives to Users | Press Release | The Privacy Commissioner for Personal Data, Hong Kong, China welcomed WhatsApp’s acceptance of suggestions in May 2021 to provide practical alternatives to users who do not agree to the new Terms of Service and Privacy Policy. | 5/11/2021 |
GRA Privacy | Gibraltar General Data Protection Regulation and Data Protection Act 2004 | DP Legislation | Gibraltar’s data protection law consists of both the Gibraltar General Data Protection Regulation and the Data Protection Act 2004. | 5/11/2021 |
GRA Privacy | Guidance on the Information Commissioner’s Regulatory Action | Regulatory Action | This guidance note provides guidance on the regulatory action that the Information Commissioner may take under the Data Protection Act 2004 and the Gibraltar General Data Protection Regulation, including information on how the Information Commissioner proposes to exercise his functions in connection with information notices; assessment notices; enforcement notices; and penalty notices. | 5/11/2021 |
GRA Privacy | Investigations undertaken by the Information Commissioner | Investigations, Breach Notifications and Enforcement | As part of his duties, the Information Commissioner conducts investigations on the application of data protection law in Gibraltar. Investigations may be as a result of information obtained that provokes compliance concerns, a complaint lodged or information/complaint referred by another data protection authority or other public authority. Investigations are also undertaken into breach notifications received, with appropriate action taken where necessary and appropriate. The following links provide tables listing the investigations conducted by the Information Commissioner since 25th May 2018. Within the table there are short summaries relating to each referenced investigation. These include details of whether the Information Commissioner took any enforcement action. | 5/11/2021 |
ADGM | ADGM enacts its new Data Protection Regulations 2021 | Press release | Press release (text). ADGM enacts its new Data Protection Regulations 2021 and Mr Sami Mohammed is appointed Commissioner of Data Protection. | 5/11/2021 |
Norwegian DPA | Basaren Drift AS fined | Press release | The Norwegian Data Protection Authority has fined Basaren Drift AS EUR 20,000 (NOK 200,000) for a GDPR violation. The case relates to CCTV surveillance of restaurant premises. | 5/11/2021 |
Norwegian DPA | Municipality of Asker fined | Press release | The Norwegian Data Protection Authority has fined Asker municipality EUR 100,000 (NOK 1,000,000). The Municipality was fined for publishing confidential personal data and National Identity Numbers (NID) on its website. | 5/11/2021 |
Norwegian DPA | Miljø- og Kvalitetsledelse AS fined | Press release | The Norwegian Data Protection Authority has fined the company Miljø- og Kvalitetsledelse AS EUR 3,500 (NOK 35,000) for illegal distribution of personal data from camera recordings. | 5/11/2021 |
Norwegian DPA | Dragefossen AS fined | Press release | The Norwegian Data Protection Agency has fined the power company Dragefossen AS EUR 15,000 (NOK 150,000). The fine was imposed after the company put the city centre of Rognan under CCTV surveillance and live-streamed the images without legal basis. | 5/11/2021 |
Norwegian DPA | Ålesund municipality fined for use of Strava | Press release | The Norwegian Data Protection Authority has fined Ålesund municipality EUR 5,000 (NOK 50,000) for its use of the fitness app Strava. | 5/11/2021 |
Norwegian DPA | Fined for illegal forwarding of e-mail | Press release | A business has been fined EUR 25,000 (NOK 250,000) for illegal forwarding of an employee's e-mails. The name of the business has been withheld from public disclosure to protect the identities of its employees. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues fine to Cyberbook AS | Press release | The Norwegian Data Protection Authority has fined Cyberbook AS EUR 20 000 (NOK 200,000) for unlawfully setting up the automatic forwarding of a former employee’s e-mails. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues fine for forwarding e-mail | Press release | The Norwegian Data Protection Authority has fined an organization EUR 40 000 (NOK 400,000) for unlawfully setting up automatic forwarding of an employee’s e-mails. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues fine to Aquateknikk AS | Press release | The Norwegian Data Protection Authority has fined Aquateknikk AS EUR 10,000 (NOK 100,000) for having performed a credit rating on a private individual without legal basis. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues fine to Coop Finnmark | Press release | The Norwegian Data Protection Authority has issued a fine in the amount of EUR 40 000 (NOK 400,000) to Coop Finnmark AS. The case concerns unlawful distribution of a camera recording from a shop. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues fine to Gveik AS | Press release | The Norwegian Data Protection Authority has fined Gveik AS EUR 7 500 (NOK 75,000) for having conducted a credit rating without a legal basis. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues fine to Lindstrand Trading AS | Press release | The Norwegian Data Protection Authority has decided to issue a fine of EUR 10 000 (NOK 100,000) to Lindstrand Trading AS for conducting a total of four credit ratings of individuals and sole proprietorships without a legal basis. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues reprimand to Telenor for inadequate protection of personal data | Press release | The Norwegian Data Protection Authority has issued a reprimand to Telenor Norge AS for inadequate protection of personal data in its voicemail function, and for failing to submit a data breach notification to the Norwegian Data Protection Authority. | 5/11/2021 |
Norwegian DPA | Norwegian DPA issues fine to Municipality of Indre Østfold | Press release | The Norwegian Data Protection Authority has fined the Municipality of Indre Østfold EUR 20 000 (NOK 200,000) for a confidentiality violation. Personal data that should have been restricted was available to unauthorized persons. | 5/11/2021 |
Norwegian DPA | Administrative fine to Customs directorate | Press release | The Norwegian Data Protection Authority has given the Norwegian Customs a final decision on an administrative fine of NOK 400,000. The fine has been adjusted downwards in relation to the notice given in 2019. The case concerns the collection and use of information from cameras without legal basis. | 5/11/2021 |
Norwegian DPA | Administrative fine to Østfold HF Hospital | Press release | The Norwegian Data Protection Authority has decided on an administrative fee of NOK 750,000 to Østfold HF Hospital. The background is that in the period 2013-2019, the hospital stored report extracts from patient records outside the safe zone. The case started with a notice of personal data breach from the hospital. | 5/11/2021 |
Norwegian DPA | Guidance to Vigilo regarding applicable obligations | Press release | Earlier this autumn, the Norwegian Data Protection Authority decided on an administrative fee for Bergen municipality because personal information in the communication system between school and home was not adequately secured. We have now given guidance to Vigilo that they too must take responsibility for the communication failure between the company and the municipality. | 5/11/2021 |
Norwegian DPA | Final decision, administrative fine for Rælingen municipality | Press release | The Norwegian Data Protection Authority has imposed an administrative fine of 500 000 NOK (EUR 47,500) on Rælingen Municipality. The fine was imposed after data concerning the health of children with special needs was processed using the digital learning platform Showbie. | 5/11/2021 |
Norwegian DPA | Administrative fine imposed on the Municipality of Oslo, the Education Agency | Press release | In October 2019, a fine of € 120 000 was imposed on the Municipality of Oslo, the Education Agency, as a result of poor security of processing in the ‘Skolemelding’ mobile app. The app is used for communication between school employees, parents and pupils. | 5/11/2021 |
Philippines National Privacy Commission | Investigation into the Possible Data Privacy Violations Committed by the website LISENSYA.INFO | IN RE: LISENSYA.INFO Initiated as an Independent NPC Investigation into the Possible Data Privacy Violations Committed by the website LISENSYA.INFO. | 5/11/2021 | |
Philippines National Privacy Commission | Initiated as an Independent NPC Investigation into the Possible Data Privacy Violations Committed by the website LISENSYA.INFO | IN RE: LISENSYA.INFO Initiated as an Independent NPC Investigation into the Possible Data Privacy Violations Committed by the website LISENSYA.INFO. | 5/11/2021 | |
Philippines National Privacy Commission | GRAB PHILIPPINES’ [1] ROLL-OUT OF THE PASSENGERSELFIE VERIFICATION; [2] PILOT TEST OF THE IN-VEHICLE AUDIO RECORDING; AND [3] PILOT TEST OF THE IN-VEHICLE VIDEO RECORDING | IN RE: GRAB PHILIPPINES’ [1] ROLL-OUT OF THE PASSENGERSELFIE VERIFICATION; [2] PILOT TEST OF THE IN-VEHICLE AUDIO RECORDING; AND [3] PILOT TEST OF THE IN-VEHICLE VIDEO RECORDING | 5/11/2021 | |
Philippines National Privacy Commission | JBD vs JI and VVV | 5/11/2021 | ||
Philippines National Privacy Commission | FAT vs XXX | 5/11/2021 | ||
Philippines National Privacy Commission | BGM vs IPP | 5/11/2021 | ||
Philippines National Privacy Commission | IN RE: FLIOPERATING ABCONLINE LENDING APPLICATION | 5/11/2021 | ||
Philippines National Privacy Commission | ECA vs XXX | 5/11/2021 | ||
Philippines National Privacy Commission | RBD vs FCASH Global Lending | 5/11/2021 | ||
URCDP | Guidelines for the processing of personal images in the framework of the vaccination campaign against COVID-19 | Guidelines | The massive attendance of the population at vaccination posts, and the eventual waiting in public areas, can expose people to the capture of their personal image by the media or even individuals. In this sense, the document provides information to the press and people in general for the processing of the images of people in compliance with the regulations on personal data protection. | 5/11/2021 |
URCDP | Web forms: good practices in personal data protection | Guidelines | Quality databases are essential for organizations, as they allow improving the quality of the relationship between people and the organization, as well as facilitating its internal processes and improving its efficiency. On many occasions, these databases are fed by information that is collected in digital forms. For this reason, the URCDP gathered ten good practices aimed especially at public organizations, so that they can create and distribute web forms that collect personal data. The document includes recommendations on the choice of systems, authentication mechanisms, management of the collected data, its conservation and impact assessment. In addition, reference is made to the importance of the participation of the Personal Data Protection Officer in the generation of the forms, as well as the inclusion of clauses that include the conditions of data processing, so that people can exercise their rights in the digital world. | 5/11/2021 |
URCDP | Recommendations for the processing of personal data in the framework of teleworking | Guidelines | Teleworking is a form of work carried out in a location far from a central office or production facilities that separates the person from personal contact with colleagues who are at the office. This modality is based on tools that allow remote meetings, their recording and storage, the exchange of files, and the use of the cloud, with an exponential increase in the processing of personal information through the internet. | 5/11/2021 |
URCDP | Contact Tracing in Mobile Applications: Recommendations to Protect Personal Data | Guidelines | The Executive Council of the URCDP issued Resolution No. 35/020, of 9 June 2020, with recommendations for using the contact tracing systems of mobile applications during the health emergency in compliance with the regulations on personal data protection. | 5/11/2021 |
URCDP | Recommendations for temperature control in the national health emergency situation | Guidelines | The health emergency declared by Decree No. 93/020, of March 13, 2020, and derived from the coronavirus pandemic (COVID-19), has generated in multiple actors the need to use various techniques to safeguard the health and safety of people, and of society in general. In this framework, the use of personal information is governed by regulations that recognize the right to the Protection of Personal Data as a fundamental right. For this reason, it is imperative to make a responsible use of said information, trying to reach a balance with other rights. | 5/11/2021 |
URCDP | Recommendations for the processing of personal data in the face of the national health emergency situation | Guidelines | In the framework of the health emergency caused by the spread of the COVID-19 coronavirus, the URCDP prepared a document with the aim of guiding those in charge of and responsible for the use and handling of personal data. The document contains information on the requirements for the treatment of sensitive data, who are the legitimate subjects for the treatment of health data, consent of the owner, general principles of Personal Data Protection and links of interest on the national legal framework in force on the matter, among others. Likewise, the text recalls that the use of personal information is governed by rules that recognize the right to the Protection of Personal Data as a fundamental right and encourages the responsible use of such information. | 5/11/2021 |
URCDP | Decree No. 64/020, regulating the new provisions on Personal Data Protection | Decree | The decree regulates articles 37 to 40 of Law No. 19.670. It establishes a new territorial scope of Law No. 18.331 on the Protection of Personal Data, modifies the principle of responsibility, incorporates the principle of "accountability", imposes a new regime of communication of security breaches that involve personal data and creates the figure of the Data Protection delegate for certain types of processing. | 5/11/2021 |
URCDP | Resolutions, opinions and reports 2019 | Opinions, Resolutions and Reports | The URCDP resolves claims made by individuals, makes recommendations and imposes penalties. This document includes Opinions, Resolutions and Reports by the Unit in the year 2019. | 5/11/2021 |
Bundeskartellamt (Federal Cartel Office) | Proceeding against Google based on new rules for large digital players (Section 19a GWB) – Bundeskartellamt examines Google's significance for competition across markets and its data processing terms | Press release | Proceeding against Google based on new rules for large digital players (Section 19a GWB) – Bundeskartellamt examines Google's significance for competition across markets and its data processing terms. | 5/11/2021 |
Bundeskartellamt (Federal Cartel Office) | Proceedings against Amazon based on new rules for large digital companies (Section 19a GWB) | Press release | Proceedings against Amazon based on new rules for large digital companies. | 5/11/2021 |
Bundeskartellamt (Federal Cartel Office) | First proceeding based on new rules for digital companies – Bundeskartellamt also assesses new Section 19a GWB in its Facebook/Oculus case | Press release | First proceeding based on new rules for digital companies | 5/11/2021 |
Bundeskartellamt (Federal Cartel Office) | Proceeding against Apple based on new rules for large digital companies (Section 19a(1) GWB) – Bundeskartellamt examines Apple’s significance for competition across markets | Press release | Proceeding against Apple based on new rules for large digital companies. | 5/11/2021 |
GPA | Enforcement Cooperation Handbook (English) | Enforcement Cooperation Handbook (English) | 5/11/2021 | |
GPA | Enforcement Cooperation Handbook (French) | Enforcement Cooperation Handbook (French) | 5/11/2021 | |
Norway DPA | Decision to fine Odin Flissenter AS | Decision | The Norwegian Data Protection Authority has issued Odin Flissenter AS (Tile distributor) an administrative fine of EUR 13 905 (NOK 150 000) for performing a credit check of a sole proprietorship without having a lawful basis for the processing. | 5/11/2021 |
Norway DPA | Decision to fine Bergen municipality | Decision | The Norwegian Data Protection Authority has given Bergen municipality a final decision on an administrative fine of approximately EUR 276,000 (3 million NOK). Personal information in the communication system between school and home was not secure enough. | 5/11/2021 |
Norway DPA | Decision to fine The Norwegian Public Roads Administration | Decision | The Norwegian Data Protection Authority has issued the Norwegian Public Roads Administration a fine of 37,400 EUR (400 000 NOK) for processing personal data for purposes that were incompatible with the originally stated purposes, and for not erasing video recordings after 7 days. | 5/11/2021 |
Norway DPA | Intention to issue € 10 million fine to Grindr LLC | Press Release | AdTech - The Norwegian Data Protection Authority has notified Grindr LLC (Grindr) that we intend to issue an administrative fine of NOK 100 000 000 for not complying with the GDPR rules on consent. | 27/03/2022 |
Norway DPA | Press release: Intent to issue € 2,5 million fine to Disqus Inc | Press Release | AdTech - The Norwegian Data Protection Authority has notified Disqus Inc. (Disqus) that we intend to issue an administrative fine of NOK 25 000 000 for not complying with the GDPR rules on accountability, lawfulness, and transparency | 27/03/2022 |
Hong Kong - Privacy Commissioner for Personal Data | Guidance on Protecting Personal Data Privacy in the Use of Social Media and Instant Messaging Apps | Guidance Note | AdTech – This Guidance aims to highlight those risks and provide practical advice that will help to mitigate the risks associated with social media. | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Policy position on online behavioural advertising | Policy Position | AdTech - The following policy position addresses the application of the Personal Information Protection and Electronic Documents Act (PIPEDA) to the collection and use of data about individuals’ web activities by means of such technology as cookies, web beacons, supercookies, zombie cookies, device data, for the purposes of online behavioural advertising (OBA) only. | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Online Behavioural Advertising (OBA) Follow Up Research Project | Report | AdTech - A report prepared by the Technology Analysis Branch of the Office of the Privacy Commissioner of Canada | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Online Behavioural Advertising Putting a Normative Framework Around a Business Model | Conference notes | AdTech - Remarks at the 20th Annual Advertising and Marketing Law Conference | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Guidelines on privacy and online behavioural advertising | Guidance | AdTech - The following guidelines were developed to help the various types of organizations involved in online behavioural advertising ensure that their practices are fair, transparent and in compliance with PIPEDA. | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Online behavioural advertising in brief | Guidance | AdTech - Online behavioural advertising in brief | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Frequently Asked Questions about online behavioural advertising | FAQs | AdTech - Frequently Asked Questions about online behavioural advertising | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Web tracking with cookies | Guidance | AdTech - Guidance on web tracking with cookies | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Frequently Asked Questions about Cookies | FAQs | AdTech - Frequently Asked Questions about Cookies | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Report on the 2010 Office of the Privacy Commissioner of Canada's Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing | Report | AdTech - The following report on the consultations summarizes what we heard both during the consultations and in the responses to our published draft report, what we think, and where we would like to focus our future work. | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Nexopia | Report of Findings | AdTech - A complaint against Nexopia.com Inc. (Nexopia or the “website”) by individuals from the Public Interest Advocacy Centre (PIAC or the “complainants”) comprised 19 allegations ranging over six distinct issues. | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Facebook | Report of Findings | AdTech - Report of Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) against Facebook Inc. Under the Personal Information Protection and Electronic Documents Act by Elizabeth Denham Assistant Privacy Commissioner of Canada | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Facebook | Report of Findings | AdTech - No evidence Facebook shares personal information with other sites via social plug-ins, investigation finds | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Microsoft | Report of Findings | AdTech - Microsoft to obtain opt-in consent, enhance transparency for Windows 10 privacy settings | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Apple | Report of Findings | AdTech - Apple called upon to provide greater clarity on its use and disclosure of unique device identifiers for targeted advertising | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Bell | Report of Findings | AdTech - Results of Commissioner Initiated Investigation into Bell’s Relevant Ads Program | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Ganz Inc | Report of Findings | AdTech - Investigation into the personal information handling practices of Ganz Inc. | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of AggregateIQ Data Services Ltd. | Report of Findings | AdTech - Joint investigation of AggregateIQ Data Services Ltd. by the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Google | Report of Findings | AdTech - Use of sensitive health information for targeting of Google ads raises privacy concerns | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of PositiveSingles.com | Report of Findings | AdTech - Canadian adware developer Wajam Internet Technologies Inc. breaches multiple provisions of PIPEDA | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of Wajam Internet Technologies Inc. | Report of Findings | AdTech - Profiles on PositiveSingles.com dating website turn up on other affiliated dating websites | 27/03/2022 |
Canada Office of the Privacy Commissioner of Canada (OPC) | Investigation of an airline company | Case Summary | AdTech - Customer complains about airline's use of "cookies" on its Web site | 27/03/2022 |
Jersey Office of the Information Commissioner | What is a Cookie? | Guidance | AdTech – Cookie guidance for organisations in Jersey | 27/03/2022 |
United Kingdom – Information Commissioner’s Office | Update report into adtech real time bidding | Report | AdTech - Report on ICO’s investigation into AdTech/RTB setting out our findings and clarifying our views. | 27/03/2022 |
United Kingdom – Information Commissioner’s Office | Adtech market research report | Report | AdTech - Report setting out our findings of public survey and fieldwork to better understand people’s awareness and perceptions of online advertising. | 27/03/2022 |