Strand Alliance: Connecting for Change
Pembroke Privacy, Or-Hof and PANETTA Consulting Group are pleased to officially launch the Strand Alliance. Strand Alliance is an international group of independent privacy consultancies, law firms and external DPO providers who are recognised leaders in their field. Strand Alliance members share the same values and way of working and offer their clients the best of local expertise combined […]
Looking Forward: Data Protections Predictions for Ireland 2024
2023 was not short of significant supervisory authority action and legislative change in the ever-changing world of data protection. We expect to see further progress on the issues outlined below in 2024. 1. TikTok Appeal and Judicial Review Challenge In September 2023, Ireland’s Data Protection Commission completed its inquiry into TikTok, finding the platform failed […]
Irish DPC & EDPB Meta Rulings
Earlier this month, the Irish Data Protection Commission (DPC) and European Data Protection Board (EDPB) released the findings in two investigations into Meta’s advertising terms of service. The DPC imposed a combined €390 million fine for violations of GDPR and gave the company three months to bring its practises into legal compliance. The decision and […]
IAPP Europe Data Protection Congress 2022
Introduction The volume of interest at the recent IAPP Europe Data Protection Congress 2022 came as no surprise, as high-profile data protection professionals from far and wide joined together in Brussels for its 11th year. An expansive set of topics included; policy and governance, ePrivacy implementation, artificial intelligence, GDPR enforcement, mergers and acquisitions, data transfers […]
International Conference on Computers, Privacy and Data Protection – CPDP 2022
“For companies, it is not just about limiting risks or complying with the law, but rather about re-branding themselves with different values, far away from exploitative techniques” – CPDP panelist I had the privilege to attend the International Conference on Computers, Privacy and Data Protection – CPDP 2022 last week . This three-day conference bought […]
Ireland: Data protection considerations in the employment context – Part two
The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the Data Protection Act 2018 (‘the Act’) are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR and includes provisions relating to GDPR derogations, as well as establishes the Data Protection Commission (‘DPC’). In part two of this Insight […]
Ireland: Data protection considerations in the employment context – Part one
The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the Data Protection Act 2018 (‘the Act’) are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR and includes provisions relating to GDPR derogations, as well as establishes the Data Protection Commission (‘DPC’). In part one of this Insight […]
Purpose Limitation in the GDPR
At the heart of the General Data Protection Regulation (GDPR), lie six fundamental principles for data controllers to follow when processing personal data. These include: Lawfulness, fairness, and transparency Purpose limitation Data minimisation Accuracy Storage limitation Integrity and confidentiality All six principles are subject to the overarching (sometimes called a 7th principle – accountability. For […]
Upcoming Data Protection Legislation – Predictions for 2022
1. EU Directive on representative actions for the protection of the collective interests of consumers 2020/1828 The object of this European Directive is to ensure that a representative action mechanism is available to protect consumer interests in all Member States while providing safeguards to avoid abusive litigation. The Directive applies to infringements by traders of […]
GDPR article 30 – Records of processing activity – ROPAs
The GDPR requires organisations to maintain a Record Of Data Processing Activity, often called a ROPA. This obligation applies to both controllers and processors and their representatives under article 28 (where applicable). There is an exemption for an organization which employs fewer than 250 people, however this will not apply where the processing: is likely […]