TrustArc Blog

Leveraging GDPR ‘Legitimate Interests Processing’ for Data Science

November 18, 2019

  Darren Abernethy, Senior Counsel TrustArc Ravi Pather, VP Sales CryptoNumerics The GDPR is not intended to be a compliance overhead for controllers and processors. It is intended to bring higher and consistent standards and processes for the secure treatment of personal data. It’s fundamentally intended to protect the privacy rights of individuals. This cannot be more true than in emerging data science, analytics, AI and ML environments where due to the nature of vast amounts of data sources there is higher risk of identifying the personal and sensitive information of an individual. The GDPR requires that personal data be … Continue reading Leveraging GDPR ‘Legitimate Interests Processing’ for Data Science

EU High Court Confirms Pre-Ticked Boxes Are Insufficient for Cookie Consent

October 03, 2019

On October 1st, in the much anticipated Planet49 case, the Court of Justice of the European Union (ECJ) affirmed an earlier opinion set forth by the Advocate-General that utilizing pre-ticked boxes to obtain consent for website cookies does not represent valid consent because it does not show affirmative, unambiguous action on the part of the data subject.  The Court decided this with reference to the GDPR, the ePrivacy Directive and the GDPR’s predecessor, the Data Protection Directive, which was in force at the time of the matter at issue. The case, referred to the ECJ by the highest court in … Continue reading EU High Court Confirms Pre-Ticked Boxes Are Insufficient for Cookie Consent

Four Boxes You Must Have Checked Before You Leverage Legitimate Interests as Your Basis for Data Processing

September 18, 2019

The GDPR, Brazil LGPD, Thailand PDPA, and many other privacy regulations around the globe require that organizations determine the legal basis for processing individuals’ data (customers, employees, etc.) as part of their business operations.  For example, Article 6 of the GDPR states that processing shall be lawful only if at least one of the following applies: data subject consent has been obtained; processing is necessary for performance of a contract; processing is necessary for compliance with a legal obligation, to protect someone’s life or to perform a task in the public interest; or the processing is necessary for your legitimate … Continue reading Four Boxes You Must Have Checked Before You Leverage Legitimate Interests as Your Basis for Data Processing

Upcoming Webinar: GDPR Compliance: Convince Customers, Partners, and The Board You Are Compliant!

June 17, 2019

TrustArc is proud to present the next Privacy Insight Series webinar “GDPR Compliance: Convince Customers, Partners, and The Board You Are Compliant!” with TrustArc General Counsel & Chief Data Governance Officer Hilary Wandall and Centre for Information Policy Leadership at Hunton & Williams LLP President Bojana Bellamy. This webinar will take place on Wednesday, June 19th at 9am PT / 12pm ET / 5pm GMT. Don’t miss this opportunity to learn more about GDPR compliance – register today! Many companies have invested significant time and resources trying to design and implement GDPR compliance programs. Internally, they may have generated hundreds … Continue reading Upcoming Webinar: GDPR Compliance: Convince Customers, Partners, and The Board You Are Compliant!

Managing Privacy Compliance in the Cloud

April 18, 2019

The number and complexity of regulations addressing data privacy continues to increase significantly. Companies offering cloud-based services must comply with these regulations or risk losing business due to customer trust issues and/or potential fines and other legal action. Compliance with regulations like the GDPR and CCPA requires companies to address a wide range of items, including privacy assessments, cookie consent, and data subject access requests. The digitization of data has inevitably led to a myriad of data privacy laws that span the globe. These regulations all need to be considered when doing business in the respective countries/regions to which the … Continue reading Managing Privacy Compliance in the Cloud

CCPA and GDPR Compliance Report: New Research Measures Compliance Status and Plans for CCPA and GDPR (Part 3 of 3)

April 17, 2019

The European Union’s (EU) General Data Protection Regulation (GDPR) has been occupying the minds of privacy professionals for the past two years and now attention is shifting to the California Consumer Privacy Act (CCPA). The CCPA is the toughest US privacy regulation to date and its impact will be felt by almost every organization that does business in California or handles personal information of California citizens. To understand the readiness and plans for businesses to meet the January 1, 2020 deadline for the CCPA, Dimensional Research conducted this research among 250 US privacy professionals from Feb 15th – 27th, 2019. … Continue reading CCPA and GDPR Compliance Report: New Research Measures Compliance Status and Plans for CCPA and GDPR (Part 3 of 3)