Announcements from the European Data Protection Board and other data protection authorities on GDPR and Covid-19 ("corona")

In 2018, the state of California passed the CCPA - the California Consumer Privacy Act of 2018. The Act contains many of the same elements as the GDPR. For example, the CCPA requires that a web page shows the users which of their personal data are collected, what the data will be used for, and identifies third parties who...

If you never really understood the point of privacy laws, or found it hard to explain to others, you should read Edwards Snowden's new book, Permanent Record (Macmillan, September 2019). Partly structured like a novel, Snowden recounts his upbringing and events leading up to his dramatic decision to reveal the shocking mass surveillance by...

The requirement for consenting to non-essential cookies in Norway has been unclear, and the Norwegian Communications Authority (Nkom)'s 27 November 2019 update of its guidelines did not help much. Nkom stands by its uniquely Norwegian view that a browser's pre-setting represents consent, while it encourages the selection of active consent for the...

PWC has recently discovered that a small group of companies is deliberately building up data trust as a company value, even if the short term impact on profits is negative. Another surprising finding was that the companies viewed stricter regulations as an advantage, rather than a hindrance. These trust pacesetters build and protect the value of...

A new plenary judgment from the European Court of Human Rights (ECHR) in Strasbourg opens for secret video recording of employees. The 17 October 2019 judgment concerns five employees in a Spanish supermarket whose dismissals were caused by thefts from the employer. The video recordings were decisive evidence.

With the fierce debate on Huawei's effect on security of the planned 5G networks, it's time to take a look at what liability the Internet of Things may inflict on the producers of the things. Read more about the risk associated with product liability for software controlled things in the EU/EEA under this link.

In the last two years, the Bull & Co technology team has performed a series of "GDPR reviews" for companies of all sizes and in various industries. We have found that some success criteria repeat themselves in the most successful projects. They are listed here:

Although GDPR began to apply in the EU member states already on 25 May 2018, the legal process is a little more complicated in Norway, since we are an EEA country and not a member of the EU.

On 5 June 2018, the Court of Justice of the European Union (CJEU) decided that an administrator of a Facebook fan page will be considered a so-called data controller, jointly with Facebook. This means that the creator of a Facebook page for marketing purposes, becomes responsible for complying with the Personal Data Act (including GDPR) in its...