Free tools and resources for Data Protection Officers!

Tag Archives for " EU "

EDPS calls for closer alignment between consumer and data protection rules in the EU

Consumer law and data protection can no longer afford to work in silos. The EU needs a big-picture approach to addressing systemic harms to individuals in digital markets, involving closer cooperation between enforcers in order to avoid legal uncertainty, the European Data Protection Supervisor (EDPS) said, as he published his Opinion on the legislative package A New Deal for Consumers.

Source: EDPS calls for closer alignment between consumer and data protection rules in the EU | European Data Protection Supervisor

FTC Gives Final Approval to Settlements in Privacy Shield Cases

US Federal Trade Commission has given final approval to settlements with four companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework, which establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with EU law.

As part of the proposed settlements with the FTC, all four companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization, and must comply with FTC reporting requirements. In addition, VenPath and SmartStart must continue to apply the Privacy Shield protections to personal information they collected while participating in the program, protect it by another means authorized by the Privacy Shield framework, or return or delete the information within 10 days of the order.

Source: FTC Gives Final Approval to Settlements with Four Companies Related to EU-U.S. Privacy Shield | Federal Trade Commission

Timescale set for data protection ‘adequacy’ decision after Brexit

On Wednesday evening, the UK government and European Commission announced that the UK and EU27 countries had reached a draft agreement on the terms of the UK’s withdrawal from the EU. That draft agreement, which is still to be ratified by the UK parliament and EU27 member states, was published alongside a number of other documents, including an outline of the political declaration on the future EU-UK relationship.

According to the political declaration, the Commission will assess UK data protection standards on the basis of the EU’s “adequacy framework” with a view to adopting an “adequacy” decision by the end of 2020. Over the same period, the UK will take steps to ensure comparable facilitation of personal data flows to the Union.

Full article: BREXIT: timescale set for data protection ‘adequacy’ decision

European privacy search engines aim to challenge Google

The backlash over Big Tech’s collection of personal data offers new hope to a number of little-known search engines that promise to protect user privacy. Sites like Britain’s Mojeek , France’s Qwant , Unbubble in Germany and Swisscows don’t track user data, filter results or show “behavioral” ads.

These sites are growing amid the rollout of new European privacy regulations and numerous corporate data scandals, which have raised public awareness about the mountains of personal information companies stealthily gather and sell to advertisers.

Full article: European privacy search engines aim to challenge Google

MEPs call for business GDPR ‘guarantee’ on using blockchain

Businesses should not begin using blockchain technology to process personal data until they can “guarantee compliance” with EU data protection laws, a committee of MEPs has said.

The Committee on Civil Liberties, Justice and Home Affairs (LIBE) said that businesses using blockchain must, in particular, be able to respect the rights of data subjects under the General Data Protection Regulation (GDPR) to the rectification and erasure of their data.

Full article: MEPs call for business GDPR ‘guarantee’ on using blockchain

Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from EU

The draft Withdrawal Agreement at Article 71(2) implies an adequacy assessment by the European Commission could happen in future (this is expected before the end of the transition period in December 2019), but first the UK has to leave the EU and then the Commission has to follow the rules in Article 45 of the GDPR.

This means that the Commission has to involve the European Data Protection Board (EDPB) as part of the adequacy determination process so it won’t be a quick process. However, UK may not get an assessment of adequacy at all.

Full article: Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from European Union

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

The draft text of the EU-UK withdrawal agreement was published by the UK Government and the European Union yesterday, providing some of the first concrete indicators of the possible direction of travel in the area of data protection.

This article provides 10 initial conclusions on Draft EU-UK Withdrawal Agreement.

Full article: Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

UK government adopts draft Brexit withdrawal agreement

The cabinet has agreed a draft withdrawal agreement on the UK’s exit from, and future relationship with the European Union. In terms of data protection, the documents reaffirms the UK government’s commitment to a high level of data protection during and after Brexit.

The future relationship with the EU is described in just seven pages. The EU will commence its evaluation of the UK’s data protection framework with the aim of decisions by the end of 2020. There will be ‘appropriate cooperation between regulators.’ The draft withdrawal agreement talks about ‘essential equivalence’ rather than adequacy.

Full artisle: UK government adopts draft Brexit withdrawal agreement – Privacy Laws & Business

>