Photo of Mario Fadi Ayoub

On December 22, 2021, the Austrian Data Protection Authority (DSB) found that medical news company, NetDoktor, violated Europe’s General Data Protection Regulation (GDPR) by using Google LLC’s popular data analytics platform, Google Analytics (GA), on its website, which resulted in the transfer of personal information from Europe to Google’s servers located in the United States (U.S.).1 Such transfers are generally prohibited unless an adequate level of data protection exists pursuant to Article 44 of the GDPR, including through European Commission-approved standard contractual clauses (SCCs).
Continue Reading Austrian Data Protection Authority Finds Website Use of Google Analytics Violates GDPR

On November 17, 2020, Canada’s Minister of Innovation, Science and Industry introduced the proposed Digital Charter Implementation Act (DCIA or “Act”), new legislation from the Liberal Party of Canada that could dramatically alter how the country regulates consumer data.[1] The Act, which will likely extend to businesses outside of Canada, aims to “significantly increase protections to Canadians’ personal information” and “provide significant new consequences for non-compliance with the law.”[2] The DCIA grants consumers powerful consent rules, including the ability to withdraw consent, control over the transfer of their information to third parties, algorithmic transparency rights and data de-identification safeguards.[3] Penalties for noncompliance are substantial and can reach as high as 5% of a company’s revenue or C$25 million, whichever is greater.[4]
Continue Reading Canada Proposes New Privacy Bill