GDPR

Two first decisions on Google Analytics’ data transfers to the US

Following the “Schrems 2” decision from the Court of Justice of the European Union (CJEU) on 16 July 2020 invalidating the privacy shield((The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield (europa.eu).)), the European Data Protection Authorities (DPAs) are now taking the first “real world” decisions.   A few [...]

The importance of social media policies in schools

INTRODUCTION Social media refers to forms of electronic communication through which users create online communities to share information, ideas, personal messages, videos and other content.  Since the beginning of the COVID-19 pandemic, social media has proven to be a useful tool through which teachers and learners can communicate.  This enables  them to facilitate learning while adhering to the social distancing [...]

By | 7th March, 2022|Child law, Data Protection, GDPR, Information Security, Social media law|

NEW EU SCC’s: IMPACT ON SOUTH AFRICAN BUSINESS

On 4 June 2021, the European Commission adopted two new sets of Standard Contractual Clauses (“2021 SCCs”). The 2021 SCC’s will replace the old SCC’s adopted in 2010.  The adoption of new SCC’s is to reflect the changes to European Union (“EU”) data privacy law, under the General Data Protection Regulation 2016/679 ("GDPR") and the Schrems II decision((Case C-311/18 Data Protection Commissioner [...]

WhatsApp fines under the GDPR: A wake up call for businesses to comply

What happened with WhatsApp? The case that Max Schrems filed against WhatsApp back in December 2018 has been finalized at last.  WhatsApp was recently fined by the Irish Data Protection Commission an amount of 225 million Euros, which is over 3,7 billion Rands.  The Irish Data Protection Commission (DPC) is the equivalent of the Information Regulator in South Africa. The [...]

By | 10th September, 2021|4IR, Data Protection, GDPR, IT Law, PPM Attorneys, Privacy Law, Social media law, Technology Law|

French Data Protection Authority sanctions drone surveillance

On January 12, 2021, the French Data Protection Authority (Commission Nationale Informatique et Libertes – the “CNIL”) held that French Ministry of the Interior (the “Ministry”) was unlawfully processing personal information through the use of drones equipped with cameras. These drones were being used to monitor the public’s compliance with containment measures and public demonstrations. The Ministry was ordered to [...]

By | 26th January, 2021|4IR, Data Protection, GDPR, IT Law, PPM Attorneys, Privacy Law, Technology Law|

The “Schrems II” case and what it means for South Africa

On the 16th of July 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield. he EU–US Privacy Shield was a framework regulating exchanges of personal data for commercial purposes between the the European Economic Area ("EEA") and the United States. The CJEU further decided that the standard contractual clauses (“SCC”) adopted by the European Union Commission [...]

Digital Innovation and its impact on Privacy Law

The speed of digital innovation and the emergence of technologies such as facial recognition and fingerprint authentication has brought with it privacy and cybersecurity concerns. In the recent months, after the killing of George Floyd, law enforcement authorities in the United States deployed powerful surveillance tools to monitor and track the protests against systemic racism and police brutality. Drones were [...]

By | 14th July, 2020|4IR, Cybersecurity, Data Protection, GDPR, IT Law, PPM Attorneys, Privacy Law, Technology Law|

POPIA is vital for 4IR law

The fourth industrial revolution (“4IR”) is causing significant changes to the way we live, interact and do business. This is the future of technology, where objects, machines and various other devices connect with each other in a secure, networked environment. 4IR is being driven by intelligent machines that can perform complex tasks automatically by communicating with other machines, with little [...]

THE “NEDBANK BREACH”: WHAT IF THE PROTECTION OF PERSONAL INFORMATION ACT WAS IN FORCE?

Nedbank has handled the data breach its direct marketing services supplier - Computer Facilities (Pty) Ltd – suffered last week, reasonably well. This is evident from how they appear to have investigated it, to their frank, factual and informative press release. Apart from some reputational damage and a few million rand in forensics, legal and public relations agency fees, Nedbank [...]

By | 11th March, 2020|4IR, Cybersecurity, Data Protection, GDPR, PPM Attorneys, Privacy Law, Technology Law|

Tips for implementing effective privacy training in your organisation

Human error is the primary cause of personal data breaches[1]. The consequences of a data breach can be detrimental to a company and includes, not only direct damages and sanctions, but also substantial reputational harm. The mere occurrence of, as well as the costs and consequences of data breaches and data incidents could be drastically reduced by having appropriate awareness [...]

By | 28th January, 2020|4IR, Cybersecurity, Data Protection, GDPR, PPM Attorneys, Privacy Law|