Download free GDPR compliance checklist!

Tag Archives for " data transfer "

Health experts call for the GDPR revision for cross-border health data sharing

Health experts are urging EU policymakers and legislators to review the EU’s legal data protection framework, the GDPR, which is hampering the sharing of pseudonymised health data outside the EU and the European Economic Area (EEA).

The report calls for adapting or expanding the existing legal framework to overcome challenges imposed by data protection regulations.

These guidelines by the European Data Protection Board recognise that, in the context of the current pandemic, the “public interest derogation” may be available for international data exchanges for research purposes. However, as health is a national competence, the multiple and conflicting national rules make health data sharing, both within and outside the EU/EEA, challenging.

Source: Health experts call for the GDPR revision for cross-border health data sharing – EURACTIV.com

Wyden proposes banning sale of personal data to ‘unfriendly’ governments

The proposal would treat Americans’ personal data with the same caution as powerful weaponry, using export-control laws to block its sale to countries marked as potential security threats.

The draft bill, which Wyden began circulating to lawmakers for discussion Thursday, would join a set of federal privacy proposals that would also restrict the sale of Americans’ personal information to U.S. companies, intelligence agencies and the police.

The move could disrupt the multibillion-dollar data-broker economy that seeks to monetize the digital footprints Americans leave behind every day — cellphone locations, browsing histories and credit card purchases that are gathered, bundled and sold for marketing and intelligence purposes without government regulation or oversight and without most people being aware of what information is being shared.

Source: Wyden proposes banning sale of personal data to ‘unfriendly’ governments – The Washington Post

EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

On 13 April 2021, the European Data Protection Board (EDPB) adopted two Opinions on the draft UK adequacy decisions: (i) Opinion 14/2021 for transfers of personal data under the EU General Data Protection Regulation (GDPR); and (ii) Opinion 15/2021 for transfers of personal data under the Law Enforcement Directive (LED).

Whilst the Opinions have not yet been published, the EDPB has confirmed in a press release that it has identified “many aspects [of the UK data protection framework] to be essentially equivalent ” to the EU data protection framework.

Source: EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

Surveillance exposes limits of transatlantic AI collaboration

The European Commission will propose legislation on artificial intelligence this month, and it has taken pains to emphasize that its priority is to strictly regulate what it deems “high-risk” uses. One example is the use of facial recognition technology in public places, which digital rights groups argue could enable widespread biometric surveillance. Commission President Ursula von der Leyen even hinted at banning such uses, saying the Commission “may need to go further” in regulating AI technologies “incompatible” with European human rights.

But Europe’s drive to put privacy front and center of its AI strategy could limit the scope of its collaboration with the U.S., which appears to be less concerned about surveillance. “The illegal use of personal data for facial recognition is not compatible with European fundamental rights and poses an issue for transatlantic cooperation on AI,” said Green MEP Alexandra Geese, who’s a member of the Parliament’s artificial intelligence committee.

Source: Clearview scandal exposes limits of transatlantic AI collaboration – POLITICO

Smartphones share our data every four and a half minutes

Android handsets and iPhones share data with their respective companies on average every 4½ minutes, with data being sent back even when idle in a pocket or handbag, according to a new academic study.

The study, which was published by Prof Doug Leith at Trinity’s Connect Centre, claimed iPhones offered no greater privacy than Google devices.

However, the study noted that Google handsets collected “a notably larger volume of handset data than Apple” with 1MB of data being sent from idle Google Pixel handsets every 12 hours, compared with 52KB sent from the iPhone.

Source: Smartphones share our data every four and a half minutes, says study

EU concludes the adequacy talks with South Korea

European Union and the Republic of Korea have successfully concluded the adequacy talks, finding that Korea’s data protection level is adequate to one of EU’s. Adequacy decision will mean free data flow between EU and Korea.

The European Commission will now proceed with launching the decision-making procedure with a view to having the adequacy decision adopted as soon as possible in the coming months.

This involves obtaining an opinion from the European Data Protection Board (EDPB) and the green light from a committee composed of representatives of the EU Member States.

Source: Personal Information Protection

Bavarian DPA Declares Use E-mail Marketing Service Prohibited without Assessment and Supplementary Measures

The state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine (acting as controller) in Bavaria impermissible due to non-compliance with Schrems II mitigation steps in relation to the transfer of e-mail addresses to Mailchimp in the U.S.

Mailchimp provided e-mail newsletter services to the controller, which had used Mailchimp’s e-mail marketing service only twice, to send newsletters to customers. Controller relied on EU Standard Contractual Clauses for the transfer of e-mail addresses from Germany to the U.S., in order to make use of e-mail marketing services directed to German customers by Mailchimp on its behalf.

The Bavarian DPA took the position that as an e-mail marketing service, “there are at least indications” that Mailchimp could qualify as an “electronic communication service provider” under U.S. surveillance law (i.e., FISA 702) and, therefore, “the transfer could only be permissible by taking supplementary measures, if suitable.” In the Bavarian DPA’s view, the controller had failed to assess the risk and implement supplementary measures for the transfer of EU personal data to Mailchimp in the U.S.

Source: Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures

Roskomnadzor proposes to restrict cross-border data transfer

Roskomnadzor proposes to expand the law on personal data to foreign Internet sites and restrict cross-border data transfer in order to protect the rights of citizens.

This was announced by the deputy head of the department, Vladimir Logunov, during a meeting of the working group of the State Duma committee on combating cybercrimes.

Source: Роскомнадзор предлагает расширить действие закона о персональных данных — Российская газета

Intensifying Negotiations on transatlantic Data Privacy Flow

On March 25 EU Commissioner for Justice, Didier Reynders, and U.S. Secretary of Commerce, Gina Raimondo made a statement regarding future of transatlantic data flows.

The U.S. Government and the European Commission have decided to intensify negotiations on an enhanced EU-U.S. Privacy Shield framework to comply with the July 16, 2020 judgment of the Court of Justice of the European Union in the Schrems II case.

Source: Intensifying Negotiations on transatlantic Data Privacy Flow

Commission ‘not naive’ about UK’s data ambitions, Reynders assures MEPs

The European Commission is ‘not naive’ to the UK’s future ambitions in the data space and will be ‘prepared’ to suspend transfers of personal data to the country should the UK in the future diverge from EU standards, Justice Commissioner Didier Reynders has said.

In February, the Commission issued draft adequacy approval on transfers of personal data between the EU and the UK, following the latter’s decision to withdraw from the European Union. However, EU lawmakers in Brussels doubt that the UK’s future data protection landscape will be fully aligned with EU data protection standards.

Source: Commission ‘not naive’ about UK’s data ambitions, Reynders assures MEPs – EURACTIV.com

1 2 3 27