Data

Subscribe to Data
  • Background. Company B-1 and Company B-2 are corporate affiliates who are under common ownership or control but are separate legal entities. Company B-2 is the processor of Company B-1. While data is being directly sent from Company A in Europe to Company B-2, Company B-2 is not acting as the processor of Company A;

  • Background. Company B-1 and Company B-2 are corporate affiliates who are under common ownership or control but are separate legal entities. While data is being directly sent from Controller A in Europe to Controller B-2 in the United States, Controller A has contracted only with Controller B-1 in Europe. Solid line indicates the data

The new Telecommunications Telemedia Data Protection Act (TTDSG) (link in German) is the result of a clean-up campaign in German data protection law. The TTDSG, which became effective 1 December 2021, merges the data protection regulations in telemedia and telecommunications law that were previously scattered across a wide array of German laws.

Click

December 2021 has brought with it holiday cheer and an uptick in distributed denial of service attacks (DDOS) attacks. DDOS attacks are fast becoming a new tool in the extortionist threat actor’s toolkit. DDOS attacks are attractive because they don’t require attackers to actually hack into a company’s systems. Instead, a DDOS attack targets a

Profiling is defined in several statutes as any form of automated processing of personal data to evaluate, analyze, or predict personal aspects concerning an identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.[1] Profiling activities can loosely be grouped into the following three categories or buckets with the

On Monday, November 16 at 12:00 PM EST, TrustArc, the leader in privacy compliance and data protection solutions, will host the webinar “Post US Election Privacy Updates & Implications.”  The United States election on November 3rd impacted the future use of personal information for organizations doing business with US citizens. From presidential results to state

No.

The regulations implementing the CCPA require that in-scope businesses must provide two or more designated methods of submitting requests to opt-out, including an interactive form accessible via a clear and conspicuous link titled “Do Not Sell My Personal Information,” on the business’s website or mobile application.[1]

In addition to the “DNSMPI” link noted

Yes.

Where a global privacy control (“GPC”) conflicts with a consumer’s existing business-specific privacy setting or their participation in a business’s financial incentive program, the business must respect the GPC, but may notify the consumer of the conflict and give the consumer the choice to confirm the business-specific privacy setting or participation in the financial

No.

A group of privacy advocates and privacy software companies has proposed an “unofficial” specification for how consumers might transmit, and how companies might receive, a global privacy opt-out signal that indicates an intention for information not to be sold.  As of 12 October 2020, the draft “Global Privacy Control specification” claims to have “no

A group of privacy advocates, publishers, and privacy software companies have proposed an “unofficial” specification for how consumers might transmit, and how companies might receive, a global privacy opt-out signal that indicates an intention for information not to be sold.  They refer to their specification as the Global Privacy Control header, “GPC header,” or “GPC