
Tag Archives for "EU"

Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach

Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on more than 533 million accounts was found posted for free download on a hacker forum.

Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).

Source: Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach | TechCrunch

EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

On 13 April 2021, the European Data Protection Board (EDPB) adopted two Opinions on the draft UK adequacy decisions: (i) Opinion 14/2021 for transfers of personal data under the EU General Data Protection Regulation (GDPR); and (ii) Opinion 15/2021 for transfers of personal data under the Law Enforcement Directive (LED).

Whilst the Opinions have not yet been published, the EDPB has confirmed in a press release that it has identified “many aspects [of the UK data protection framework] to be essentially equivalent” to the EU data protection framework.

Source: EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

EU says ‘no major breach detected so far’ following significant cyber attack

The European Commission and other European Union (EU) institutions have been hit by a cyber attack significant enough for senior officials to be alerted.

A forensic analysis of last week’s security incident in the IT infrastructure of a number of EU bodies is in its initial phase and it is too early to give any conclusive information about the attack, a European Commission spokesperson said.

The commission has also set up a round-the-clock monitoring service and is taking active mitigating measures.

Source: EU says ‘no major breach detected so far’ following significant cyber attack | News | GRC World Forums

Surveillance exposes limits of transatlantic AI collaboration

The European Commission will propose legislation on artificial intelligence this month, and it has taken pains to emphasize that its priority is to strictly regulate what it deems “high-risk” uses. One example is the use of facial recognition technology in public places, which digital rights groups argue could enable widespread biometric surveillance. Commission President Ursula von der Leyen even hinted at banning such uses, saying the Commission “may need to go further” in regulating AI technologies “incompatible” with European human rights.

But Europe’s drive to put privacy front and center of its AI strategy could limit the scope of its collaboration with the U.S., which appears to be less concerned about surveillance. “The illegal use of personal data for facial recognition is not compatible with European fundamental rights and poses an issue for transatlantic cooperation on AI,” said Green MEP Alexandra Geese, who’s a member of the Parliament’s artificial intelligence committee.

Source: Clearview scandal exposes limits of transatlantic AI collaboration – POLITICO

From California to Brazil: GDPR has created recipe for the world

As Europe’s sweeping GDPR laws approach their third anniversary, other jurisdictions around the world are taking cues from it to develop their own frameworks.

The EU regulation (the General Data Protection Regulation) has helped put data protection front of mind for policymakers and businesses, especially with the specter of large fines.

Other jurisdictions can look at the GDPR for inspiration on what does and doesn’t work, though there are many nuances and European traits to consider that may not necessarily translate.

Full article: From California to Brazil: GDPR has created recipe for the world

EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.

With this Joint Opinion, the EDPB and the EDPS invite the co-legislators to ensure that the Digital Green Certificate is fully in line with EU personal data protection legislation.

The Joint Opinion includes specific recommendations for further clarifications on the categories of data concerned by the Proposal, data storage, transparency obligations and identification of controllers and processors for the processing of personal data.

Source: EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals | European Data Protection Board

Pandemic reveals Palantir’s troubling reach in Europe

The findings of an investigation by the Guardian, Lighthouse Reports and Der Spiegel raise serious questions over the way public agencies work with Palantir and whether its software can work within the bounds of European laws in the sensitive areas where it is being used, or perform in the way the company promises.

The contract with Greece appeared to give Palantir phenomenal access to data of exactly the scale and sensitivity that would seem to require an impact assessment. Worse, a revision of the agreement one week after the first deleted any reference to the need to “pseudonymise” the data – to prevent it being relatable to specific individuals.

Full article: Seeing stones: pandemic reveals Palantir’s troubling reach in Europe | World news | The Guardian

Platforms, not regulators, are driving data privacy enforcement

Unlike GDPR or CCPA, the moves Google and Apple are about to make will cause immediate shockwaves the day they are implemented.

The intent of GDPR — to give users back more control over their personal data and ensure it’s not misused by hidden players in the digital advertising ecosystem — has resulted in a horribly confusing, annoying user experience in Europe.

Privacy activists believe regulators have failed to properly enforce the law at scale. In the U.S. the lack of federal privacy law has left the door wide open for Google and Apple to call the shots.

The privacy-led changes driven by platforms Apple and Google are all bite. Plus, they are binary — not open to interpretation. Naturally, that results in people questioning whether this biting behavior is fair and whether the underlying reasons are honest or have a double agenda.

Full article: Platforms, not regulators, are driving data privacy enforcement

MEPs rue lack of GDPR sanctions issued by Irish data authority

MEPs have said that “a lack of political will and resources” had resulted in a laggard approach to enforcement of the EU’s general data protection regulation (GDPR), singling out in particular the lack of sanctions dished out by the Irish data protection authority.

To date, the Irish DPC has issued six fines for GDPR breaches. These include three against Tusla, the country’s Child and Family Agency, a €65,000 penalty issued against Cork University Maternity Hospital, a €70,000 fine for University College Dublin, and, in the first fine for a cross-border case, a €450,000 charge levied against Twitter for falling short of data breach notification obligations.

Source: MEPs rue lack of GDPR sanctions issued by Irish data authority – EURACTIV.com

EU concludes the adequacy talks with South Korea

The European Union and the Republic of Korea have successfully concluded the adequacy talks, finding that Korea’s level of data protection is comparable to that of the EU. An adequacy decision will mean free data flow between the EU and Korea.

The European Commission will now proceed with launching the decision-making procedure with a view to having the adequacy decision adopted as soon as possible in the coming months.

This involves obtaining an opinion from the European Data Protection Board (EDPB) and the green light from a committee composed of representatives of the EU Member States.

Source: Personal Information Protection
