News
GDPR’s First Two Years – Guideline for Serbia’s DP Practitioners
BDK Advokati’s senior associate Milica Basta spoke at the online conference “Data Protection – 2020” hosted by the agency Forum Media from Belgrade.
Personal Data through Video Devices
Following the recent Guidelines 3/2019 on processing of personal data through video devices issued by the European Data Protection Board (EDPB), the Hellenic Data Protection Authority (HDPA) issued the Guidelines attached hereto on how data controllers should inform data subjects of the processing of their personal data through CCTV systems according to the GDPR.
Artificial Intelligence & Data Protection
Artificial intelligence (AI) is widely recognised as one of the defining industrial phenomena of the 21st century. In today’s technology-dependent world, its potential impact on business and economic development can hardly be understated.
Coronavirus: Stay Healthy and be GDPR Compliant
When planning to collect employees’ personal data as part of the efforts to monitor and prevent the spread of COVID-19 among the organisation, the employers should consider also the data protection implications thereon. Such implications arise in particular when the envisaged processing entails the collection and use of special categories of data, such as health data (e.g., data resulting from screening or testing of employees’ health condition, information that an employee is or may be infected with the coronavirus that causes COVID-19).
Serbia Gets its Standard Contractual Clauses
The Serbian Commissioner for Information of Public Importance and Personal Data Protection issued on 16 January 2020 the long-awaited Standard Contractual Clauses that became applicable on 30 January 2020.
Serbian SCCs are not designed as a cross-border transfer instrument first and foremost. Rather, the clauses apply to a controller-processor relationship irrespective of where the controller and the processor operate. In line with that, Serbian SCCs follow the structure of the data processing agreement as prescribed by Article 28 of the GDPR, i.e. by the corresponding Article 45 of the Serbian DP Act (2018).
What is the Cost of a “Like”? (Case no. C-40/17 - Fashion ID)
The development and widespread use of the online social network Facebook has changed not only the dynamics of social relationships, but also - together with other online platforms and tools - the manner in which enterprises advertise their business. More and more companies are adopting new advertising strategies that focus primarily on product recognition. Given its popularity, Facebook is proving to be an ideal platform for businesses (especially online traders) to pursue such strategies with little investment - at least at first glance.
Linking online stores to content on Facebook may have unintended consequences - especially in terms of consumer protection and data protection law - as illustrated in the ECJ’s judgement in case C-40/17 of 29 July 2019.
ECJ: Storing Cookies Requires User’s Active Consent
On 1 October 2019, the European Court of Justice (the “ECJ”) handed down its long-awaited preliminary ruling on the meaning of consent regarding cookies following a request from the German Federal Court of Justice during a case between the Federation of Consumer Organisations and the lottery services provider Planet49 GmbH (Case C673/201, Planet49 GmbH v. Bundersverband der Verbraucherzentralen und Verbraucherverbaende – Verbraucherzentrale Bunderverband e.V). In a nutshell, Planet49 GmbH operated an online lottery scheme which (i) asked via a pre-ticked box for user’s consent for placing web analytics cookies and (ii) required users to provide mandatorily their consent to receiving marketing emails by third parties as a precondition for their participation in the lottery.
Advantages of Serbia’s New Data Protection Law
BDK Advokati has contributed to the Serbia chapter in the 2020 edition of Getting the Deal Through – Data Protection & Privacy (August 2019). The chapter presents the regulatory frameworks both under the data protection law from 2008 and under the law which became applicable in August 2019. The exposition of the two laws allows the reader to understand the changes which the new law brings into the legal regime governing the processing of personal data in Serbia.
The new law is modelled under the EU General Data Protection Regulation. As the Serbia chapter shows, the law dispenses with most of the unnecessary restrictions on the processing of personal data. At the same time, the law strengthens the individuals’ rights and introduces new, but realistic, requirements from the data controllers and data processors
New Data Protection Law Discussed at the Serbian Chamber of Commerce
Bogdan Ivanisevic, partner at BDK Advokati, spoke on 23 September 2019 about Serbia’s new Data Protection Act to representatives of the leading Serbian companies. The event took place in the packed conference hall of the Serbian Chamber of Commerce. The Chamber co-organised the event with the Ministry of Justice.
COVID-19
A GDPR Perspective on Scientific Research in Times of a Pandemic
Scientific research has always been a primary focus for the EU with the sharing of data for this purpose being promoted in the fundamental treaties of the Union. Recently, the Committee for Medicinal Products for Human Use of the European Medicines Agency has indicated it is now more than ever necessary for institutions to collaborate to obtain “robust and interpretable evidence” in view of finding a safe treatment for COVID-19.
I know where you are. Does anyone else know?
To ensure individuals to comply with measures to contain its diffusion and reduce the risk of exposure, governments may seek to process personal data, such as location data of individuals.
Coronavirus: Stay Healthy and be GDPR Compliant
When planning to collect employees’ personal data as part of the efforts to monitor and prevent the spread of COVID-19 among the organisation, the employers should consider also the data protection implications thereon. Such implications arise in particular when the envisaged processing entails the collection and use of special categories of data, such as health data (e.g., data resulting from screening or testing of employees’ health condition, information that an employee is or may be infected with the coronavirus that causes COVID-19).
