Selling customer data such as banking records, vehicle registration and mobile phone usage is big business in China. Recent data theft of 130 million clients of Huazhu Hotels Group saw the stolen payment and contact information going for about US$56,000.
Financial market regulators from outside the EU are now seeking GDPR exemptions for the purpose of "public interest", for example cracking down on securities fraud, including the SEC in the U.S. as well as regulators in Japan and Hong Kong.
The California Consumer Privacy Act (CCPA) is the latest in privacy compliance. Although not as comprehensive as what is provided by the GDPR, there are useful operational overlap that can help with compliance with the CCPA.
While the legitimate interests ground for processing under the GDPR can be lawfully applied in many cases, a provisional balance should be established by data controllers with more safeguards for the protection of data subjects.
Mobile applications collect a lot of personal data. What are the GDPR considerations for mobile app businesses when laying out the concept and execution of their application?
Developing an effective privacy management infrastructure for GDPR compliance seems daunting. How do you prioritize to meet GDPR accountability obligations?
Out of all six legal bases for processing offered by the GDPR, consent and legitimate interests are the legal bases most likely to be relied upon to justify direct marketing. Where the direct marketing involves electronic communications, however, is where things get muddy.