Loading...

Follow Signatu Blog - Georg Philip Krog on Feedspot

Continue with Google
Continue with Facebook
or

Valid

The first guide has the following table of contents:

Trackerdetect Legal GuideDuty to discover TrackersDuty to have a Tracker policyDuty to classify site owner and TrackerDuty when Tracker is “processor”Duty when site owner is joint controller with TrackerDuty to have legal basisDuty when Consent is the proper legal basisDuty when Legitimate Interest is the proper legal basisDuty when site visitors’ personal data are transferred outside the EUDuty to have a Processing Record with Tracker detailsDuty to risk assess TrackersDuty to include Tracker details in Privacy PolicyDuty to include Tracker details in Access Right ResponseDuty to notify Trackers
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The first guide has the following table of contents:

GDPR Consent: Legal GuideWhat to do?Upcoming GuidesGDPR attitudeDefinitionModalitiesPower dynamics“CONSENT-OMETER”Consent Request: Is information specific?Consent Request: Is specific information linked?Consent Request: Is specific purpose separate?Consent Request: Is a single specific purpose limited?Consent Request: Is information understandable?Consent Request: Is information accessible?Consent Dialogue: Clearly distinguishable from other information?Consent Dialogue: Consent actions provided?Consent Dialogue: Must object actions be provided?Consent Dialogue: Termination actions provided?Consent Dialogue: Actions for valid consentConsent Dialogue: Is action to consent understandable?Consent Dialogue: Is action to terminate understandable?Consent Dialogue: Free to act?Consent Dialogue: Who provides information in case of joint controllership?Consent Dialogue: When to provide information?Consent Dialogue: Who receives consent and for what?Consent Dialogue: Is Privacy Policy linked to?
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The first guide has the following table of contents:

GDPR Consent: Legal GuideWhat to do?Upcoming GuidesGDPR attitudeDefinitionModalitiesPower dynamics“CONSENT-OMETER”Consent Request: Is information specific?Consent Request: Is specific information linked?Consent Request: Is specific purpose separate?Consent Request: Is a single specific purpose limited?Consent Request: Is information understandable?Consent Request: Is information accessible?Consent Dialogue: Clearly distinguishable from other information?Consent Dialogue: Consent actions provided?Consent Dialogue: Must object actions be provided?Consent Dialogue: Termination actions provided?Consent Dialogue: Actions for valid consentConsent Dialogue: Is action to consent understandable?Consent Dialogue: Is action to terminate understandable?Consent Dialogue: Free to act?Consent Dialogue: Who provides information in case of joint controllership?Consent Dialogue: When to provide information?Consent Dialogue: Who receives consent and for what?Consent Dialogue: Is Privacy Policy linked to?
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This blogpost will deal with Technology for ePrivacy requirements.

Let´s start with the Planet 49 case and the issue of cookie consent and what the Advocate General says:

Watch this space for more.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

How to meet legal obligations when site owners have 3rd parties on their sites?

  1. Until recently, many site owners believed that 3rd parties on websites count as data processors only, which, if correct, would trigger legal obligations regarding data processors only.
  2. A recent GA Opinion (Fashion ID Case) says that when a 3rd party embedded on a website receives site visitors' personal data (e.g. IP address, browser string),
  • that 3rd party acts as a controller
  • the site owner is towards its site visitors responsible for
    • informing about the 3rd party
    • requesting consent for using the 3rd party before processing
  • that 3rd party and the site owner are jointly responsible for the collection and transmission of personal data to the 3rd party.
  1. Watch this space for more on this topic.
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Here's what happens if your cache is cleared of all cookies and you visit a website that will personalise ads to you.

The illustration shows that consent to cookie ID matching for ads is impossible without breaking the law.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This is the Summary and Table of Content of our Data Processing Agreement.

Summary
  1. Agree: You may order our Consent Service Under the Cloud Service Agreement (“CSA”). We process Personal Data on your behalf under Signatu AS Data Processing Agreement ("DPA").
  2. Personal data: We process Consent Event Data on your behalf.
  3. Lawful processing: You are responsible for why and how we process Consent Event Data on your behalf.
  4. Data deletion You decide when we shall delete the Consent Event Data. We delete or return the Consent Event Data shortly after your term expiry.
  5. Data Security: We secure the Consent Event Data with appropriate technical or organisational measures.
  6. Confidentiality: We do not disclose the Consent Event Data to third parties.
  7. Audits: We allow you to audit us.
  8. Processing Records: We maintain a record of processing activities that we carry out on your behalf.
  9. Assistance: We assist you to respond to end users' request to exercise their Data Subject Rights with regard Consent Event Data.
  10. Data Breach: In case of a data breach we will notify you without undue delay, mitigate effects and minimise any damage.
  11. DPIA and Consultation: We will assist you with Data Protection Impact Assessment and Prior Consultation with Data Protection Authorities.
  12. Cloud host: We use AWS in Ireland to host our Consent Service.
  13. Limited liability: We have limited liability in relation to you and third parties.
  14. Friendly problem solving: If we ever end up in a dispute, we will try to solve issues in a friendly way.
  15. Disputes in Norway: Any dispute will be resolved in Norway only, and under Norwegian law only.
  16. Communication with you: To communicate with you, we will use your sign up Email Address.
  17. Communication with us: To communicate with us, you will use our Email Address: hello@signatu.com
  18. English communication: Together, we and you communicate in English only.
1 Parties and Scope2 Meaning of terms in DPA3 Customer instructions and responsibilities with regard to Processing3.1 Role of Customer3.2 Role of Signatu3.3 Scope of Permission3.4 Customer’s acknowledgment4 Lawful processing4.1 Customer’s Warranties for Lawful Processing4.2 Customer’s Responsibility for Lawful Processing4.3 Customer’s Responsibility for Customer’s Instruction4.4 Processing in conflict with DPA5 Data Deletion or Return5.1 Power to delete5.2 Deletion during Term5.3 Deletion in accordance with GDPR Art 17.1 and 195.4 Deletion on Term Expiry5.5 Omitted Deletion Instruction6 Data Security6.1 Signatu’s Security Measures6.2 Customer’s Security Responsibility7 Confidentiality7.1 Signatu’s Confidentiality Obligation7.2 Signatu’s redirection of Authorities to Customer7.3 Signatu’s Notice to Customer7.4 Customer’s Notice to Signatu7.5 Customer’s Responsibility8 Confidentiality obligations of Signatu personnel9 Audits9.1 Customer’s Audit Rights9.2 Request9.3 Objection9.4 Date, scope and duration9.5 Confidential Information9.6 Responsibility for Auditor’s Fees9.7 Responsibility for Signatu’s costs9.8 Supervisory Authority Audits10 Processing Records10.1 Processing Record Obligation10.2 Customer Record Information Obligation11 Assistance to Customer11.1 Data Subject Rights11.1.1 Customer’s Responsibility to Respond to Data Subject Requests11.1.2 Signatu’s Assistance11.2 Notification of a Personal Data Breach11.2.1 Signatu’s Notification11.2.2 Signatu’s Assistance11.2.3 Customer’s Responsibility11.3 Data Protection Impact Assessment and Prior Consultation11.3.1 Signatu’s Assistance12 Payment for Assistance13 Sub-processors13.1 Customer Authorization to engage Sub-processors13.2 Obligations for replacement or addition of Sub-processor14 Liability, penalties and fines14.1 Separate Responsibility for Damage14.2 Customer’s Sole Responsibility14.3 Liability14.3.1 Liability Cap14.3.2 Liability Cap Exclusions15 Nondisclosure16 Communication between Parties16.1 Obligation to use Notification Email Address16.2 Customer’s Responsibility16.3 Language17 Entire DPA18 Customer’s independent conclusion of Signatu GDPR compliance19 Customer Warranties20 Acceptance of DPA21 Entry into force and duration of DPA22 Dispute Resolution, Applicable Law and Jurisdiction
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The background of "EYE-ON-ADTECH Part 2" is the Fashion ID case + the Google CNIL case + the complaint against IAB Europe and Google regarding Real Time Bidding (RTB) for ad space on websites and apps.

Read "EYE-ON-ADTECH Part 1 and 2" online, published in LegalBusinessWorld, No. 2, 2019.

By Georg Philip Krog and Henriette Dedichen.

EYE-ON-ADTECH, Part 2
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This cartoon shows - in a funny way - the influence and consequences of advertising technology on behaviour.

It's also a wink to Google that was fined due to the lack of transparency, inadequate information and no valid consent regarding the personalization of ads.

By Georg Philip Krog and Henriette Dedichen.

Published in LegalBusinessWorld, No. 1, 2019.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Read Full Article

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview