Search results

[…] and advertising, under the “contract” or “legitimate interests” legal bases. In parallel, the court asks the CJEU to rule on whether GDPR-compliant consent may be effectively and freely expressed by users “to a dominant undertaking”. These last questions resemble others that were posed more recently by the Austrian Oberster Gerichtshof. On July 20, 2021, […]

[…] or “written consent” for specific processing of PI (Art. 14). Similar to the GDPR, individuals have the right to withdraw consent (Art. 15). Inspired by the “ freely given” validity condition under the GDPR, the PIPL also provides that handlers may not refuse to provide products or services on the basis that an individual […]

[…] trend to modernize their regulatory approach, several of them proposing sandboxes (e.g., the CNIL and the Norwegian DPA), and pushing for more self-regulation, like the adoption of Codes of Conduct. DPAs also plan on dedicating efforts to make GDPR compliance work in practice on a large scale by targeting the empowerment of DPOs and […]

[…] treatment. The Prefatory Note of a late-stage draft of the UPDPA notes that it seeks to avoid “the compliance and regulatory costs associated with the California and Virginia regimes.”  Central to the framework, however, is a useful distinction between “compatible,” “incompatible,” and “prohibited” data practices, which moves beyond a purely consent model based on […]

[…] key aspect of market dominance. The Order specifically highlights the impact of serial mergers in the technology sector on user privacy, identifying privacy and competition among “ free” products as factors that should be considered as part of the enhanced scrutiny of mergers. The Fact Sheet explains that this is particularly relevant in the […]

[…] a series of examples of intangible concrete harms, many of them traditional privacy harms, including: reputational harms, disclosure of private information, intrusion upon seclusion, and infringement of free exercise. The Court then concludes that the subset of the class who had the false information about them disclosed had suffered a reputational injury, a type […]

[…] Using a researcher-friendly version of Empatica’s E4 device that prevents the collection of geolocation data, IP address, or mobile International Mobile Equipment Identity (IMEI) identifiers. Using QR codes to link participants to specific wearable devices to ensure that participant names and study record IDs would not be shared. Learn more about the project, including […]

[…] all plans, processes, and frameworks throughout the research collaboration. Use Technology to Enhance Privacy. The Stanford research team and Empatica took advantage of technology, where possible, to promote privacy throughout the project. Stanford employed QR codes to prevent the need to share participant identifiers, including names and study record IDs, with Empatica. Use Privacy-Protective […]

[…] health information. Using a researcher-friendly device, Empatica’s E4, that prevents the collection of geolocation data, IP address, or mobile International Mobile Equipment Identity (IMEI) identifiers. Using QR codes to link participants to specific wearable devices to ensure that participant names and study record IDs would not be shared. “A large part of our job […]

[…] examples of dark patterns are both clear and harmful, such as a design that tricks users into making recurring payments, or a service that offers a “ free trial” and then makes it difficult or impossible to cancel. In other cases, the presence of “nudging” may be clear, but harms may be less clear, […]