Diverging fining policies of European DPAs: is there room for coherent enforcement of the GDPR?
The European Union’s (EU) General Data Protection Regulation (GDPR) puts forward a non-exhaustive list of criteria in Article 83 that Data Protection Authorities (DPAs) need to consider when deciding whether to impose administrative fines and in determining their amount in specific cases. Notoriously, the ceiling for administrative fines put forward by the GDPR is high […]
Comparative Look at Models of Data Protection – Series of Webinars Led by the Israel Tech Policy Institute (ITPI)
Authors: Kavisha Patel and Lee Matheson Kavisha Patel is a current student at Georgetown Law and an FPF Global Privacy Intern. As a result of Israel’s recently proposed comprehensive privacy law update, the Protection of Privacy Bill, the Israel Tech Policy Institute led a series of three webinars in February 2022 discussing comparative models of […]
The ebb and flow of trans-Atlantic data transfers: It’s the geopolitics, stupid!*
The following is a guest post to the FPF blog from Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security Council member. Guest blog posts do not necessarily reflect the views of FPF. 1. Introduction There is a call for a rational debate on trans-Atlantic data transfers. Frustrations increase […]
Reading the Signs: the Political Agreement on the New Transatlantic Data Privacy Framework
The President of the United States, Joe Biden, and the President of the European Commission, Ursula von der Leyen, announced last Friday, in Brussels, a political agreement on a new Transatlantic framework to replace the Privacy Shield. This is a significant escalation of the topic within Transatlantic affairs, compared to the 2016 announcement of a […]
Measuring Privacy Programs
The risks of falling short on privacy compliance are greater than they have ever been. New laws are going into effect around the world and in the states, enforcement agencies are exercising their authority and media organizations have teams devoted to identifying data protection failures. Legal judgments can run into the billions. And most important, […]
Brussels Privacy Symposium 2021 Report
On November 16, 2021, the Future of Privacy Forum (FPF) and the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) hosted the Brussels Privacy Symposium 2021 – The Age of AI Regulation: Global Strategic Directions. The event, convened by Jules Polonetsky, CEO of FPF, Christopher Kuner and Gianclaudio Malgieri, Co-Chairs of the Brussels Privacy Hub […]
BCI Commercial and Government Use: Gaming, Education, Employment, and More
This post is the third in a four-part series on Brain-Computer Interfaces (BCIs), providing an overview of the technology, use cases, privacy risks, and proposed recommendations for promoting privacy and mitigating risks associated with BCIs. Click here for FPF and IBM’s full report: Privacy and the Connected Mind. In case you missed them, read the […]
Privacy Best Practices for Rideshare Drivers Using Dashcams
FPF & Uber Publish Guide Highlighting Privacy Best Practices for Drivers who Record Video and Audio on Rideshare Journeys FPF and Uber have created a guide for US-based rideshare drivers who install “dashcams” – video cameras mounted on a vehicle’s dashboard or windshield. Many drivers install dashcams to improve safety, security, and accountability; the cameras […]
The State of Play – Issue Brief: COPPA 101
The Children’s Online Privacy Protection Act (COPPA), enacted by Congress in 1998, aims to give parents more control over the information collected about their children online. The law requires operators of games, websites, apps, and other online services catered to users under the age of 13 to obtain permission from a child’s parent before collecting information about […]
Understanding why the first pieces fell in the transatlantic transfers domino
Two decisions issued by Data Protection Authorities (DPAs) in Europe and published in the second week of January 2022 found that two websites, one run by a contractor of the European Parliament (EP), and the other one by an Austrian company, have unlawfully transferred personal data to the US merely by placing cookies (Google Analytics and Stripe) provided by two US-based companies on the devices of their visitors.