Balancing test guidance by the UK DPA:
https://ico.org.uk/media/2258435/gdpr-guidance-legitimate-interests-sample-lia-template.docx
European Commission adopts adequacy decision on Japan, creating the world’s largest area of safe data flows
http://europa.eu/rapid/press-release_IP-19-421_en.htm
Japan adequacy decision and related documents
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
Ethics and Data Protection
Quoting from the Disclaimer:
“This document has been drafted by a panel of experts at the request of the European Commission (DG Research and Innovation) and aims at raising awareness in the scientific community, and in particular with beneficiaries of EU research and innovation projects. It does not constitute official EU guidance. Neither the European Commission nor any person acting on their behalf can be made responsible for the use made of it.”
EDPS opinion on Social Media Monitoring
EDPS Prior Checking Opinion “Data processing for social media monitoring” at the European Central Bank (ECB)
Case 2017-1052
(Happened to be in the January 2019 EDPS newsletter, but opinion is from March 2018)
GUIDELINES ON ARTIFICIAL INTELLIGENCE AND DATA PROTECTION
by the CONSULTATIVE COMMITTEE OF THE CONVENTION FOR THE PROTECTION
OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA
(Convention 108)
https://rm.coe.int/guidelines-on-artificial-intelligence-and-data-protection/168091f9d8
Opinion 3/2019 concerning the Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR) (art. 70.1.b))
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_opinionctrq_a_final_en.pdf
Remaining questions for me:
Will Ethical Review Board adopt this view?
Final set of DG SANTE Questions and Answers?
Will this be reflected / be overruled by national law (Art 9 (4))?
Web Privacy Measurement in Real-Time Bidding Systems. A Graph-Based Approach to RTB System Classification
Austria DPA: Anonymization as a form of deletion
What breaches do you need to notify the ICO about?
with a special emphasis on Recital 85:
“A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned.”