fbpx

Download free GDPR compliance checklist!

Tag Archives for " EDPB "

No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs

European data watchdogs have issued updated guidance in the wake of last week’s landmark ruling striking down a flagship transatlantic data transfer mechanism called Privacy Shield.

In an FAQ on the Schrems II judgement, the European Data Protection Board (EDPB) warns there will be no regulatory grace period.

Source: No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs | TechCrunch

EDPB Adopts Information Note on BCRs in Preparation for Brexit

On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.

The Note is provided specifically for those groups of undertakings and enterprises that have the UK Information Commissioner’s Office (“ICO”) as the competent supervisory authority for their BCRs.

Source: EDPB Adopts Information Note on BCRs in Preparation for Brexit

EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

On July 22, 2020, the European Data Protection Board (EDPB) released an information note on Binding Corporate Rules (BCRs), which provides guidance for groups of undertakings/enterprises which have the UK Information Commissioner’s Office (ICO) as their competent supervisory authority.

As a consequence of Brexit, BCR holders having the ICO as their BCR Lead Supervisory Authority (SA) need to identify a new BCR Lead SA in the EEA  and must amend their BCRs before the end of the Brexit transition period.

Source: EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

EU fires warning shot to UK over post-Brexit US data-sharing

Safeguards outlined in a preliminary data-sharing agreement struck between the UK and US last year may not be sufficient, the EU’s data protection watchdog has declared.

The UK entered into an agreement with the US in October 2019 to reduce the barriers to data-sharing to better equip law enforcement agencies to fight crime. However, terms of this agreement may undermine the UK’s hopes of achieving a data adequacy decision with the EU once the Brexit transition period ends on 31 December.

The European Data Protection Board (EDPB), which oversees the application of GDPR consistently across EU member states, has cast doubt over whether safeguards outlined in the agreement are compatible with existing data protection laws.  Without an adequacy decision, free data flows between the EU and the UK would be disrupted, with data unable to flow from European countries to the UK.

Source: EU fires warning shot to UK over post-Brexit US data-sharing | IT PRO

EU watchdog sets up TikTok task force, warns on Clearview AI software

Chinese video app TikTok’s practices are to be examined by an EU task force, the bloc’s privacy watchdog said on Wednesday, which also warned EU police forces against using facial recognition software from U.S. company Clearview AI.

The European Data Protection Board (EDPB) said it would set up a task force to assess TikTok’s activities across the bloc after a request from an EU lawmaker concerned about its data collection methods and security and privacy risks. The task force will coordinate potential actions and seek an overview of TikTok’s processing and practices across the EU, the EDPB said in a statement.

Source: EU watchdog sets up TikTok task force, warns on Clearview AI software – Reuters

Hungarian Government Suspends GDPR Data Subjects Rights

On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests.

According to the Decree, the normal one-month deadline to reply to data subject rights requests will start running once the state of emergency ends, for which there is no fixed date yet.

The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree has been heavily criticized by civil society groups and prompted the scrutiny by the European Data Protection Board (“EDPB”).

Source: Hungarian Government Suspends GDPR Data Subjects Rights

No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body

On 4 May, the European Data Protection Board (“EDPB”) adopted an updated version of its guidelines on consent.

EDPB stated that you can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. EDPB also stated that scrolling on a website or digital service can not — in any way — be interpreted as consent.

Source: No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body | TechCrunch

EDPB adopts further COVID-19 guidance

During its 23rd plenary session, the EDPB adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.

The  guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak aim to shed light on the most urgent legal questions concerning the use of health data, such as the legal basis of processing, further processing of health data for the purpose of scientific research, the implementation of adequate safeguards and the exercise of data subject rights.

The guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak aim to clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes:
1.    using location data to support the response to the pandemic by modelling the spread of the virus in order to assess the overall effectiveness of confinement measures;
2.    using contact tracing, which aims to notify individuals who may have been in close proximity to someone who is eventually confirmed as a carrier of the virus, in order to break the contamination chains as early as possible.

Source: European Data Protection Board – Twenty-third Plenary session: EDPB adopts further COVID-19 guidance | European Data Protection Board

The EDPB Responds to the European Commission’s Recommendation on COVID-19 Mobile Apps

On April 14, 2020, the European Data Protection Board (the EDPB) published a letter in response to the European Commission’s call for consultation (the letter ) regarding its recommendation on the use of mobile applications and location data to fight the COVID-19 outbreak.

In its letter, the EDPB sets forth data privacy and information security measures that app developers should consider when developing mobile applications to inform individuals or monitor infected persons (COVID-19 mobile apps).

Source: The EDPB Responds to the European Commission’s Recommendation on COVID-19 Mobile Apps

Google gobbling Fitbit is a major privacy risk

The European Data Protection Board (EDPB) has intervened to raise concerns about Google’s plan to scoop up the health and activity data of millions of Fitbit users — at a time when the company is under intense scrutiny over how extensively it tracks people online and for antitrust concerns.

Google confirmed its plan to acquire Fitbit last November, saying it would pay $7.35 per share for the wearable maker in an all-cash deal that valued Fitbit, and therefore the activity, health, sleep and location data it can hold on its more than 28M active users, at ~$2.1 billion.

Regulators are in the process of considering whether to allow the tech giant to gobble up all this data.

Source: Google gobbling Fitbit is a major privacy risk, warns EU data protection advisor | TechCrunch

1 2 3 6
>