GDPR: Data Transfers to Third Countries – When is a transfer a transfer?
We are often asked: “what is meant by a transfer of personal “to a third country” for the purposes of Chapter V of the GDPR?” – although not usually in such precise terms. It is an important question as any transfer of personal data to a third country must comply with the conditions laid down […]
The New EU-US Data Privacy Framework
The EU has announced the adoption of the EU-US Data Privacy Framework . The framework is intended to address the concerns raised by the Court of Justice of the European Union (CJEU) in its Schrems II decision regarding the EU-US Privacy Shield. It provides a new mechanism for transfers of personal data to the United States. The framework is effective immediately
Facebook – GDPR Privacy Statement Insights
On 6 October, Ireland’s Data Protection Commissioner (DPC) published a draft decision in respect of a GDPR complaint centred on the user journey for accepting Facebook’s terms and conditions. The complainant argued the process amounted to Facebook’s seeking of consent for using personal information which, because of the nature of the user journey, meant consent […]
Mailchimp: Transfers of personal data to US unlawful
Mailchimp is used for marketing distribution by many EU-based businesses. However, the ability to continue using Mailchimp lawfully under the GDPR has been thrown into serious doubt. This follows a recent decision by the Bavarian Data Protection Authority that transfers of personal data (including in the form of email addresses) to the United States when […]
Effort will reward!
Avoiding fines is never the primary aim of the support we give our clients. We focus on helping them meet privacy obligations and commitments. However, a recent case demonstrated that a real effort to get things right will help achieve a favourable outcome if something goes wrong. The Swedish data protection authority (IMY) published the […]
Remote Working Consultation
The Irish Government last month sought responses to its public consultation on Remote Working Guidance. Impact Privacy has now published its response to the consultation, which closed on 7 August. We are an advocate for more flexibility in where, and when, employees undertake their work for employers. We believe the economic, business, social, and environmental […]
COVID-19, Temperature Checking and the GDPR
France’s Conseil D’Etat (“CE”) has ruled the use of thermal imaging cameras to detect temperature symptoms of COVID-19 is governed by the GDPR. This is thought provoking because in this case the cameras did not record personal data. The cameras had no memory and operated by giving the person being measured (and no-one else) an […]
Access to work emails under the GDPR
A recent decision by the Hungarian Data Protection Authority once again highlights the importance of having clear rules in place to govern employees’ use of work email for personal purposes. In this particular case a former civil servant sought access to his work email account after his employment had been terminated. Unsurprisingly, the employer refused. […]
Collecting employee health data for COVID-19
In a non-binding opinion published in May, the Slovenian data protection authority (the IP), gave its view on the extent employers are permitted to use data regarding employees’ health. This opinion was given in the context of signed statements from employees confirming whether they belong to an “at-risk” group for the purposes of managing COVID-19 […]
Facial recognition, fingerprint technology, and the GDPR: An essential pre-purchase guide for employers
Many things sound like a great idea until, with the benefit of advice (and hopefully not hindsight), the problems become obvious. The use of facial recognition technology (and other biometrics, like fingerprints) in the workplace is one of those “great ideas”. However, few (if any) biometric technology vendors provide customers with a real and honest […]
