Free tools and resources for Data Protection Officers!

Tag Archives for " EU "

EU Parliament publishes study on Blockchain and GDPR

In recent times, there has been much discussion in policy circles, academia and the private sector regarding the tension between blockchains and the European Union’s General Data Protection Regulation (‘GDPR’).

Whereas, the GDPR is based on an underlying assumption that in relation to each personal data point there is at least one the data controller, blockchains make the allocation of responsibility and accountability burdensome.

Further, although the GDPR is based on the assumption that data can be modified or erased where necessary to comply with legal requirements, blockchains, however, render the unilateral modification of data purposefully onerous in order to ensure data integrity and to increase trust in the network.

Source: Blockchain and the General Data Protection Regulation – Think Tank

Irish Data Protection Commission looking at Instagram data scraping

The Irish Data Protection Commission, a key EU data regulator, wants to know whether EU subjects were affected by the Instagram data scraping.

Marketing firm Hyp3r has been scraping millions of users’ public data from the Facebook-owned photo-sharing app — tracking people’s locations, saving their Stories posts (which are supposed to disappear after 24 hours), and gathering other information about them.

Source: Irish Data Protection Commission looking at Instagram, hyp3r data scraping – Business Insider

EDPS issues note on data transfers following Brexit

On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit. 

The Note highlights that if the EU and the UK sign the withdrawal agreement before 1 November 2019, the data flows to the UK will not be immediately affected.  EU data protection laws (including the GDPR, the Law Enforcement Directive (EU)2016/680 and the ePrivacy Directive) will apply until 31 December 2020, with a maximum extension until 31 December 2022. 

However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and starting from 1 November 2019 personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.

Read the Note.

Changes in ePrivacy Regulation regarding electronic communications and digital marketing

On 26 July 2019, at the level of the Council, the Finnish government has issued a revised (Council) proposal for the e-Privacy Regulation with some amendments concerning electronic communication content, data & metadata, and further processing of metadata. This proposal will be discussed during a next Council meeting on 9 September 2019.

The Proposal has introduced a limited number of amendments. Most notable:

  1. Article 6 is divided into four distinct provisions, in order to clarify their respective scope by scope of data (all data, content, metadata).
  2. Data can only be processed (i) for the duration necessary for the permitted purposes and (ii) if those purposes cannot be fulfilled by processing information that is made anonymous.
  3. Targeted advertising might not constitute direct marketing communications.

Source: EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing

India to approach the EU seeking ‘adequacy’ status with the GDPR

India will approach the European Union seeking ‘adequacy’ status with the General Data Protection Regulation once the country finalizes and passes its own Personal Data Protection Bill, two people familiar with the matter said.

The reciprocal recognition of data protection equivalency is expected to reduce the compliance burden and give the outsourcing and technology industry a leg up in attracting clients from Europe.

Source: Data privacy: India to approach the EU seeking ‘adequacy’ status with the GDPR, Technology News, ETtech

UK decision to deny EU citizens access to data challenged in court

The government has been taken to court over its decision to deny European citizens the right to access data the Home Office holds on individuals in immigration cases.

In a high court judicial review, campaigners for EU citizens allege that a clause in the Data Protection Act 2018 unlawfully excludes them from rights they would otherwise hold to access private data held by third parties.

Source: UK decision to deny EU citizens access to data challenged in court | UK news | The Guardian

European Data Protection Board Issues Opinion on U.S. CLOUD Act

On July 10, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (CLOUD Act) on the legal framework for the protection of personal data in the EU.

The institutions note that the extraterritorial effect of the CLOUD Act could result in service providers being “susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the Member States.”

Source: European Data Protection Board Issues Opinion on U.S. CLOUD Act

First company to fail GDPR compliance shares tips

Location data company Teemo was the first to get busted for failing to comply under GDPR guidelines, but it was also the first to become compliant. Now, Teemo CEO shares tips for U.S. companies that are wondering where to start.

Full article: First company to fail GDPR compliance shares tips on prepping for US privacy regs | AdAge

EU working group to harmonize sanctions

Sweden is entering as one of the chairmen of the EU working group to work for harmonization of sanctions according to the Data Protection Regulation, GDPR.

The guidelines for harmonized penalties within the EU are expected to be completed next year. The national inspection guidelines will be revised when the common EU guidelines have been adopted.

Source: The Data Inspectorate leads the EU working group on sanctions – the Data Inspectorate

ePrivacy Regulation Slowly Moves Forward

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021.

With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and in view of forthcoming EU parliamentary elections and procedural considerations, it is possible that the adoption of the ePrivacy Regulation may be delayed even further.

Full article: EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

1 2 3 101