
Tag Archives for " EU "

‘Dirty methods’ in Brexit vote cited in push for new laws on Europe’s elections

The “dirty methods” of the Brexit referendum have been cited as a reason for new EU laws aimed at tackling disinformation and forcing online platforms including Facebook to publicly disclose the identity of people and entities funding political adverts.

The proposals would force on-line platforms to take greater responsibility for what they publish and ensure that consumers know why they are being targeted and by whom. The commission will also look at further restricting “micro-targeting and psychological profiling in the political context” through new regulatory codes and professional standards.

Source: ‘Dirty methods’ in Brexit vote cited in push for new laws on Europe’s elections | European Union | The Guardian

Privacy Rights Groups Say EU Aid Funds Pay for Government Surveillance in Developing Countries

Privacy groups are raising alarms about some EU aid programs. Funds, equipment and training are reportedly going to repressive governments and being used explicitly for domestic surveillance.

Examples include training seminars that taught participants how to perform “man in the middle” WiFi attacks and monitor dissidents on social media.

The training included subjects such as techniques for cracking mobile devices, methods for investigating charities, and how to monitor social media users and map out their connections using open source tools.

Source: Privacy Rights Groups Criticize EU Aid in Developing Countries, Claiming Funds Pay for Government Surveillance – CPO Magazine

EDPB Issues Guidance on Its Coordinated Enforcement Framework 

The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF).

The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology.

Full article: EDPB Issues Guidance on Its Coordinated Enforcement Framework | Privacy Compliance & Data Security

IAB releases DPIA guidance for Digital Advertising under GDPR

IAB has developed and published a practical guide to carrying out data protection impact assessments (DPIA) under the EU’s General Data Protection Regulation (GDPR).

The guide provides background and describes the DPIA process in the context of processing data for digital advertising generally and for real-time bidding (RTB), in order to help companies understand their obligations and how to comply with them in practice. It explains how to incorporate the DPIA process into a company’s normal course of product design and development.

Source: GDPR Data Protection Impact Assessments (DPIA) for Digital Advertising under GDPR – IAB Europe

EU Plans New Rules Giving Europeans More Control of Data

The European Union is laying out new standards for data giving Europeans more control over their personal information as it seeks to counter the power of U.S. and Chinese tech companies.

The EU’s executive Commission on Wednesday proposed new rules on the handling of data that would aim to give people, businesses and government bodies the confidence to share their information in a European data market.

The proposed legislation would spell out how industrial and government data – normally off limits because of intellectual property rights, commercial confidentiality or privacy rights – could be shared to help society or boost the economy. The bloc’s strict privacy rules would still apply, with mechanisms in place to preserve confidentiality or anonymity.

Source: EU Plans New Rules Giving Europeans More Control of Data | SecurityWeek.Com

Activists Call for Scrutiny of Palantir Over Partnerships With EU Law Enforcement Agencies

SOMI, a Dutch privacy group, is calling for a large-scale investigation into the partnerships that data analytics company Palantir Technologies has with a number of law enforcement and intelligence agencies throughout the European Union.

SOMI contends that the firm could be participating in both knowing and unknowing privacy violations based on its associations with agencies that are making use of “predictive policing” technologies.

Source: Dutch Group Calls for Scrutiny of Palantir Over Opaque Partnerships With EU Law Enforcement Agencies, Possible Privacy Violations – CPO Magazine

EU Parliament Approves Collective Redress Directive

On November 24, 2020, the European Parliament endorsed the new directive on representative actions for the protection of the collective interests of consumers.

The Collective Redress Directive requires all EU Member States to put in place at least one effective procedural mechanism allowing qualified entities to bring representative actions to court for the purpose of injunction or redress.

Source: EU Parliament Approves Collective Redress Directive

UK businesses face aggregate costs of up to 1.6 billion if no adequacy decision post-Brexit transition period, report finds

The cost to UK businesses of not receiving an adequacy decision from the European Commission could total between £1 billion and £1.6 billion, according to a new report by think tank New Economics Foundation and UCL European Institute.

The report, compiled from interviews with 60 EU and UK legal professionals, data protection officers, business representatives and academics, estimates average costs for impacted businesses could reach £3,000 for a micro business, £10,000 for a small business, £19,555 for a medium business and £162,790 for a large business.

Source: UK businesses face aggregate costs of up to 1.6 billion if no adequacy decision post-Brexit transition period, report finds

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

The European Data Protection Board (EDPB) has issued guidance that calls into question recommendations to cloud services providers in responding to the Schrems II ruling, which struck down the Privacy Shield arrangement for moving data from the EU to the US.

The EDPB, which is responsible for European data protection law, said encryption could safeguard against contravening the ruling, but only when keys remain within the EU or trusted third countries.

Full article: European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices • The Register

Microsoft promises to challenge all government requests for customer data

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said.

Source: Microsoft promises to challenge all government requests for customer data | IT PRO
