General Data Protection Regulation
Filter resources
-
Facebook Custom Audience illegal without explicit user consent
Online shops and marketers routinely share customer data with Facebook to reach them with targeted advertising. Turns out that in many cases this is illegal. A ground-breaking decision by a German Data Protection Authority (DPA) recently ruled that matching customers’ email addresses with their Facebook accounts requires their explicit consent.
Read more
-
Will Serbia adjust its data protection framework to GDPR?
After a process that took more than five years, the National Assembly of Serbia finally adopted a new Law on Personal Data Protection in November 2018. The law closely follows EU’s General Data Protection Regulation (GDPR), almost to the point of literal translation into Serbian of some parts of the text. That was expected, due […]
Read more
-
Protecting personal data world wide: Convention 108+
Almost one year after the General Data Protection Regulation (GDPR) entered into force in the European Union (EU), the question often arises about what could other countries around the world do to protect their citizens’ personal data. Although there are countries that have data protection laws in place, many still do not, or have laws […]
Read more
-
GDPR incompatibility – the blind spot of the copyright debate
The debate around the Copyright Directive reform has been intense. Former Article 13, which became Article 17 in the text voted by the European Parliament on 26 March, created the greatest controversy between stakeholders arguing about the so-called “value gap” in the creative sectors, upload filters, and a new platform liability regime, among others issues. […]
Read more
-
The art of dodging questions – Facebook’s privacy policies
Remember in April 2018, after the Cambridge Analytica scandal broke, we sent a series of 13 questions to Facebook about their users’ data exploitation policy. Months later, Facebook got back to us with answers. Here is a critical analysis of their response. Recognising people’s face without biometric data? The first questions (1a and 1b) related […]
Read more
-
ApTI submits complaint on Romanian GDPR implementation
In November 2018, the RISE Project case showed that the Romanian Data Protection Authority (ANSPDCP or Romanian DPA) was unprepared to respond to cases that involve both the right to freedom of expression and the right to privacy. RISE Project’s investigative journalism story #TeleormanLeaks was an important signal that the General Data Protection Regulation (GDPR) […]
Read more
-
ICANN and GDPR – nowhere near compliance
The Internet Corporation for Assigned Names and Numbers (ICANN) Initial Report of the Expedited Policy Development Process (EPDP) on the Temporary Specification for generic Top Level Domain (gTLD) Registration Data Team makes for difficult reading. This is because, though it contains a serious attempt at complying with the General Data Protection Regulation (GDPR) compliance, it […]
Read more
-
Google and IAB: Knowingly enabling intrusive profiling
On 28 January, EDRi member Panoptykon joined a complaint against Google and the Interactive Advertising Bureau (IAB) in Poland, after it had become clear that the advertising categories provided by these entities are enabling the processing of extremely sensitive data of European citizens. On 20 February, new evidence was published proving that the IAB was […]
Read more
-
FRA and EDPS: Terrorist Content Regulation requires improvement for fundamental rights
On 12 February 2019, the European Union Agency for Fundamental Rights (FRA) published an Opinion regarding the Regulation on preventing the dissemination of terrorist content online. In the same day, the European Data Protection Supervisor (EDPS) submitted its comments on the topic to the responsible committee in the European Parliament. These two texts complement EDRi’s […]
Read more
-
EDPB confirms: Privacy Shield is still a shame
On 22 January 2019, the European Data Protection Board (EDPB) adopted a Report on the Second Annual Review of the EU-US Privacy Shield. The Privacy Shield is a framework arrangement between the United States and the European Union to enable the transmission of personal data from the territory of the EU to the US. It […]
Read more
-
Austrian postal service involved in a data scandal
After a media report from the media outlet “Addendum”, the Austrian postal service faces public outcry over its data gathering and sales activities. The Austrian Post is known for not only exercising their main duty of post delivery, but also selling addresses of Austrian residents to companies and political parties, for advertising. The media report […]
Read more
-
Panoptykon files complaints against Google and IAB
On the International Data Protection Day, 28 January 2019, EDRi member Panoptykon filed complaints against Google and the Interactive Advertising Bureau (IAB) under the General Data Protection Regulation (GDPR) to the Polish Data Protection Authority (DPA). The complaints are related to the functioning of online behavioural advertising (OBA) ecosystem.
Read more