Tag Archives for "EU"

Potential Brexit deal reached; data transfers remain, for now

More than three years after the U.K. voted in a referendum to leave the EU, a proposed Brexit deal is on the table just weeks ahead of an Oct. 31 deadline.

European Commission President Jean-Claude Juncker confirmed a deal had been reached. U.K. Parliament will vote on it this Saturday, Oct. 19.

The draft text of the deal released Thursday includes a section near the top on data protection, stating, “In view of the importance of data flows and exchanges across the future relationship, the Parties are committed to ensuring a high level of personal data protection to facilitate such flows between them.”

Source: Potential Brexit deal reached; data transfers remain, for now

Facebook can be ordered to remove content worldwide

The E.U. Court of Justice ruled that Facebook and other platforms will need to remove information or block access to any illegal material, including in some instances content that is “equivalent.” Judges also can order it taken down worldwide, “within the framework of the relevant international law.”

The decision upheld an Austrian ruling in which a politician sued Facebook to remove defamatory content and the court ordered it removed globally. Facebook had previously removed the content in Austria only.

This judgment raises critical questions around freedom of expression and the role that internet companies should play in monitoring, interpreting and removing speech that might be illegal in any particular country.

Source: Facebook can be ordered to remove content worldwide, EU says – The Washington Post

EU and US work on electronic evidence agreement

European Commission and U.S. Department of Justice officials met on September 25 to begin formal negotiations on an EU-U.S. agreement to facilitate access to electronic evidence in criminal investigations.

The parties agreed to hold regular negotiating rounds with a view to concluding an agreement as quickly as possible. Progress will be reviewed at the next EU-U.S. Justice and Home Affairs Ministerial in December.

Source: European Commission – PRESS RELEASES – Press release – Criminal justice: Joint statement on the launch of EU-U.S. negotiations to facilitate access to electronic evidence

Pre-Checked Cookie Consent Invalid, EU Court Rules

The Court of Justice of the European Union (CJEU) this morning ruled that storing cookies requires internet users’ active consent.

It’s not good enough, says the CJEU, to present users with a pre-checked box and require them to click it to opt out. Consent must be specific, and users should be informed how long cookies will be stored and used, and whether or not third parties will have access to them.

That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data.

Source: Pre-Checked Cookie Consent Invalid, EU Court Rules

How to manage, monitor and validate third-party data sharing

When companies manage how personal data is shared and transferred to third parties, much of the effort lately has been focused on bringing legal contracts in line with requirements under the EU General Data Protection Regulation and now, increasingly, the California Consumer Privacy Act.

How can organizations effectively ensure they have the requisite data knowledge to validate data flows and the purpose of processing, as well as monitor data transfers to flag when personal data is going where it shouldn’t?

Read full article: How to manage, monitor and validate third-party data sharing

EU Council Presidency Published Amended Proposal for Draft ePrivacy Regulation

On September 18, 2019, the Presidency of the European Council published its proposed amendments to the Proposal for a Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications (ePrivacy Regulation).

The Presidency proposed numerous amendments to the draft text, including amendments to the provisions on the processing of electronic communications metadata.

Source: EU Council Presidency Published Amended Proposal for Draft ePrivacy Regulation

Belgian DPA: Requiring Customers to Allow Their ID Cards To Be Scanned To Receive Loyalty Cards Violates GDPR

Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority. The company was fined €10,000.

Source: Belgian DPA: Requiring Customers to Allow Their ID Cards To Be Scanned To Receive Loyalty Cards Violates GDPR

Research reveals six common CX failures when handling GDPR information requests

A recent study conducted by Macro 4 reveals problems in the way companies are handling data subject access requests – an important consumer right enshrined in the GDPR – which threaten to damage consumer trust.

Macro 4’s study evaluated how effectively DSARs are being handled by a sample of 37 UK enterprises, including large financial services companies, utility companies and telecommunications providers. The research uncovered six ways in which companies are failing to meet the requirements of the GDPR and are delivering a level of service that is well below expectations.

Full article: Research reveals six common CX failures when handling GDPR information requests | CustomerThink

EU and US issue joint statement on the Third Annual EU-U.S. Privacy Shield Review

U.S. Secretary of Commerce Wilbur Ross and EU Commissioner for Justice, Consumers, and Gender Equality Věra Jourová made the joint statement regarding the third annual joint review of the EU-U.S. Privacy Shield Framework.

Officials stated that Privacy Shield ensures that participating companies and relevant government authorities provide a high level of protection for the personal data of EU individuals. The Department of Commerce will revoke the certification of companies that do not comply with Privacy Shield’s vigorous data protection requirements.

The European Commission will publish a report on the functioning of the Privacy Shield. This report will conclude this year’s review process.

Source: Joint Press Statement from Commissioner Věra Jourová and Secretary of Commerce Wilbur Ross on the Third Annual EU-U.S. Privacy Shield Review | U.S. Department of Commerce

10 reasons why the GDPR is the opposite of a ‘notice and consent’ type of law

A ‘notice and consent’ privacy law puts the entire burden of privacy protection on the person and then it doesn’t really give them any choice. The GDPR does the opposite of this.

Here are 10 reasons why it is so: 10 reasons why the GDPR is the opposite of a ‘notice and consent’ type of law
