As we know, every data processing must be justified by at least one of the legal bases defined in the Data Regulation. In practice and in everyday life, they are also called legal bases or grounds for data processing. Without the application of an appropriate legal basis, data processing is unlawful. There are six legal grounds: consent, performance of contract, legal obligation, public interest or official authority, protection of vital interests and respect for legitimate interests. The organization or manager…
Read moreLATVIAN SUPERVISORY AUTHORITY: Processing of personal data after termination of employment relationship #2
When creating the company’s public image and publishing information about its current events and achievements, employers tend to include information about specific employees in such publications – for example, about their participation in a project or conference. As long as the employee works for the company, it is understandable why he is mentioned in publications. However, the question arises as to what happens to this information when the employee leaves the company. Can an employer refuse to delete information about…
Read moreFRENCH SUPERVISORY AUTHORITY: Health data: €800,000 fine against CEGEDIM SANTÉ
On September 5, 2024, the CNIL fined CEGEDIM SANTÉ €800,000, in particular for processing health data without authorization. The context The company CEGEDIM SANTÉ publishes and sells management software to general practitioners working in private practices and health centers. Around 25,000 medical practices and 500 health centers use this software. It allows doctors to manage their schedules, their patients’ files and their prescriptions. The inspections carried out by the CNIL in 2021 revealed in particular that, in the context of…
Read moreCANADIAN SUPERVISORY AUTHORITY: welcomes the Federal Court of Appeal’s decision on Facebook
The Privacy Commissioner of Canada, Philippe Dufresne, issued the following statement on today’s unanimous decision by the Federal Court of Appeal that Facebook’s practices between 2013 and 2015 breached Canada’s federal private-sector privacy law (the Personal Information Protection and Electronic Documents Act (PIPEDA)): “This landmark ruling is an acknowledgement that international data giants, whose business models rely on users’ data, must respect Canadian privacy law and protect individuals’ fundamental right to privacy. Facebook operates the world’s largest social media network and collects a vast…
Read more