France
Norway
https://www.datatilsynet.no/globalassets/global/english/ai-and-privacy.pdf
UK
https://ico.org.uk/for-organisations/guide-to-data-protection/big-data/
[protecting people by good design, solid security, efficient processes and trusted services]
Decision No. 2011-316 dated 6 October 2011 adopting a standard for delivering privacy seals in audit procedures covering the protection of persons with regard to the processing of personal data
(which could be read as a good way to deliver a privacy audit – or to expect one being done on you following this procedure)
https://www.cnil.fr/sites/default/files/atoms/files/referentiel_audit_en.pdf
I wonder why they didn’t expand on Art 22 of the German DSAnpUG
CJEU landmark decision in the case Breyer v. Federal Republic of Germany (decision dated 19 October 2016, case number C-582/14).
DLA Piper analysis
David Vasella
http://datenrecht.ch/bgh-i-s-breyer-vi-zr-13513-16-5-17-personenbezug-dynamischer-ip-adressen/
IAPP article
The GDPR introduces some very high fines for violations, and for many countries in Europe this will be a major change. – In this context, it’s interesting to have a look at Spain, where the Data Protection Authority can already enforce fines of up to 600,000 EUR since several years.
Ricard Martinez of the Spanish Data Protection Association APEP wrote a very interesting article on the challenges that come with high privacy fines.
My key take-aways from his post are:
There’s much more information in Ricard Martinez’ post, and I encourage you to read more at http://www.phaedra-project.eu/the-challenge-of-the-enforcement-in-the-proposal-for-a-general-data-protection-regulation-2/