GDPR

NEW EU SCC’s: IMPACT ON SOUTH AFRICAN BUSINESS

On 4 June 2021, the European Commission adopted two new sets of Standard Contractual Clauses (“2021 SCCs”). The 2021 SCC’s will replace the old SCC’s adopted in 2010.  The adoption of new SCC’s is to reflect the changes to European Union (“EU”) data privacy law, under the General Data Protection Regulation 2016/679 ("GDPR") and the Schrems II decision((Case C-311/18 Data Protection Commissioner [...]

WhatsApp fines under the GDPR: A wake up call for businesses to comply

What happened with WhatsApp? The case that Max Schrems filed against WhatsApp back in December 2018 has been finalized at last.  WhatsApp was recently fined by the Irish Data Protection Commission an amount of 225 million Euros, which is over 3,7 billion Rands.  The Irish Data Protection Commission (DPC) is the equivalent of the Information Regulator in South Africa. The [...]

By | 10th September, 2021|4IR, Data Protection, GDPR, IT Law, PPM Attorneys, Privacy Law, Social media law, Technology Law|

French Data Protection Authority sanctions drone surveillance

On January 12, 2021, the French Data Protection Authority (Commission Nationale Informatique et Libertes – the “CNIL”) held that French Ministry of the Interior (the “Ministry”) was unlawfully processing personal information through the use of drones equipped with cameras. These drones were being used to monitor the public’s compliance with containment measures and public demonstrations. The Ministry was ordered to [...]

By | 26th January, 2021|4IR, Data Protection, GDPR, IT Law, PPM Attorneys, Privacy Law, Technology Law|

The “Schrems II” case and what it means for South Africa

On the 16th of July 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield. he EU–US Privacy Shield was a framework regulating exchanges of personal data for commercial purposes between the the European Economic Area ("EEA") and the United States. The CJEU further decided that the standard contractual clauses (“SCC”) adopted by the European Union Commission [...]

Digital Innovation and its impact on Privacy Law

The speed of digital innovation and the emergence of technologies such as facial recognition and fingerprint authentication has brought with it privacy and cybersecurity concerns. In the recent months, after the killing of George Floyd, law enforcement authorities in the United States deployed powerful surveillance tools to monitor and track the protests against systemic racism and police brutality. Drones were [...]

By | 14th July, 2020|4IR, Cybersecurity, Data Protection, GDPR, IT Law, PPM Attorneys, Privacy Law, Technology Law|

POPIA is vital for 4IR law

The fourth industrial revolution (“4IR”) is causing significant changes to the way we live, interact and do business. This is the future of technology, where objects, machines and various other devices connect with each other in a secure, networked environment. 4IR is being driven by intelligent machines that can perform complex tasks automatically by communicating with other machines, with little [...]

THE “NEDBANK BREACH”: WHAT IF THE PROTECTION OF PERSONAL INFORMATION ACT WAS IN FORCE?

Nedbank has handled the data breach its direct marketing services supplier - Computer Facilities (Pty) Ltd – suffered last week, reasonably well. This is evident from how they appear to have investigated it, to their frank, factual and informative press release. Apart from some reputational damage and a few million rand in forensics, legal and public relations agency fees, Nedbank [...]

By | 11th March, 2020|4IR, Cybersecurity, Data Protection, GDPR, PPM Attorneys, Privacy Law, Technology Law|

Tips for implementing effective privacy training in your organisation

Human error is the primary cause of personal data breaches[1]. The consequences of a data breach can be detrimental to a company and includes, not only direct damages and sanctions, but also substantial reputational harm. The mere occurrence of, as well as the costs and consequences of data breaches and data incidents could be drastically reduced by having appropriate awareness [...]

By | 28th January, 2020|4IR, Cybersecurity, Data Protection, GDPR, PPM Attorneys, Privacy Law|

Holding thumbs that SA’s Protection of Personal Information Act becomes effective on 1 April 2020!

Reports have been circulating, over the past two days, that South Africa's Protection of Personal Information Act, 2013 ("POPIA") could become law on 1 April 2020. These are certainly credible reports, as the Information Regulator has indeed written to President Cyril Ramaphosa, requesting that POPIA be made effective from the new (national government) financial year. The Information Regulator's Chairperson - [...]

Use of Facial recognition in schools sanctioned under GDPR

Biometrics is often presented as the most ergonomic and effective way of organising access control.  And this is probably the case! Local Swedish authorities reported that teachers were spending 17,000 hours a year reporting on attendance[1].  Given this shocking statistic, facial recognition at the classroom entrance could well be a very attractive option… The Swedish Data Protection Authority (the “Swedish [...]

By | 3rd September, 2019|4IR, Data Protection, GDPR, PPM Attorneys, Privacy Law|