Cookie guidance per country (fall 2019)

Spain (AEPD): https://aepd.es/media/guias/guia-cookies.pdf, in English https://www.aepd.es/media/guias/guia-cookies-en.pdf

France (CNIL): https://legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038783337&categorieLien=id

Ireland: https://dataprotection.ie/en/guidance-landing/cookies

Germany (DSK): https://datenschutzkonferenz-online.de/media/oh/20190405_oh_tmg.pdf

UK (ICO): https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies

Seth

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. The author is Adrian Vollmer (SySS GmbH).

https://github.com/SySS-Research/Seth

Germany: Results of a cross-industry audit of 50 companies

The State Data Protection Commissioner of Lower Saxony has now submitted its final report on the results of a cross-industry GDPR audit of 50 companies.

Find below the press release with

  • questionnaire
  • *criteria for evaluating the responses*
  • final report

*Only in German. As expected, quite a few didn’t get their legitimate interest assessments right, etc.

https://lfd.niedersachsen.de/startseite/allgemein/presseinformationen/abschluss-der-querschnittsprufung-182253.html

EDPB Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects

includes
“[..]
49. The EDPB does not consider that Article 6(1)(b) would generally be an appropriate lawful basis for processing for the purposes of improving a service or developing new functions within an existing service. In most cases, a user enters into a contract to avail of an existing service. While the possibility of improvements and modifications to a service may routinely be included in contractual terms, such processing usually cannot be regarded as being objectively necessary for the performance of the contract with the user. ”

The EDPB also again gives special attention to personalisation, saying that where personalisation is not really necessary for the performance of a contract, e.g. where content personalisation is just used to increase user engagement, data controllers should consider another legal basis.

https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines-art_6-1-b-adopted_after_public_consultation_en.pdf