fbpx

Download free GDPR compliance checklist!

Tag Archives for " GDPR "

MEPs raise concerns on EU plans for police facial recognition database

MEPs on the European Parliament’s Civil Liberties Committee have questioned EU plans to establish a bloc-wide facial recognition database for use by police authorities, citing the potential abuse of data as well as the likelihood of false positives.

As part of a planned extension of the EU’s 2008 Prum Decision, which allows for the exchange of DNA, fingerprint and vehicle registration data, member states have proposed that police authorities be given powers that permit them to share facial images.

Source: MEPs raise concerns on EU plans for police facial recognition database – EURACTIV.com

Facebook denies it will pull service in Europe over data transfer ban

Facebook’s head of global policy has denied the tech giant could close its service to Europeans if local regulators order it to suspend data transfers to the U.S. following a landmark Court of Justice ruling in July that has cemented the schism between U.S. surveillance laws and EU privacy rights.

However, he also warned of “profound effects” on scores of digital businesses if a way is not found by lawmakers on both sides of the pond to resolve the legal uncertainty around U.S. data transfers — making a pitch to politicians to come up with a new legal “sticking plaster” for EU-U.S. data transfers now that a flagship arrangement, called Privacy Shield, is dead.

Source: Facebook denies it will pull service in Europe over data transfer ban | TechCrunch

Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’

A dossier of evidence detailing how the online ad targeting industry profiles Internet users’ intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the country’s data watchdog to take enforcement action over what complainants contend is the “biggest data breach of all time”.

The publication follows a now two-year-old complaint lodged with Ireland’s Data Protection Commission (DPC) claiming unlawful exploitation of personal data via the programmatic advertising Real-Time Bidding (RTB) process — including dominant RTB systems devised by Google and the Internet Advertising Bureau (IAB).

Full article: Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’ | TechCrunch

Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling

The creators of the data protection market standard for cloud, the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer of personal data outside the EU.

Once approved by data protection authorities, the solution could be an alternative to the recently annulled EU-U.S. Privacy Shield, previously relied on by thousands of businesses who now face disruption and uncertainty when transferring EU citizens’ data across the Atlantic.

Source: Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling: EU Cloud CoC

YouTube faces legal battle over British children’s privacy

Google, YouTube’s parent company, is facing a landmark claim over the use of children’s data in the UK.

A claim lodged with the High Court against parent company Google accuses the firm of collecting children’s data without parental consent. Privacy expert Duncan McCann, who is bringing the action, argues this is a breach of UK and European (EU) law.

He told the BBC that the class action is the first in Europe brought against a technology firm on behalf of children. He says that estimated damages of more than £2bn are being sought for about five million British children as well as their parents or guardians.

Source: YouTube faces legal battle over British children’s privacy – BBC News

Privacy laws might prove to be a blessing in disguise for crypto

With government agencies getting more savvy at tracing blockchain transactions, laws like the EU’s GDPR may play a role.

The GDPR has led to changes that complement the ethos of crypto’s early days, as it has proved crucial for fighting the questionable data handling practices of public and private sector players alike. It has also done wonders to nurture a privacy culture even among people with no prior interest in protecting their information.

Regulators and blockchain and crypto users also have a common goal: to ensure that both cryptocurrencies and the technologies underlying them are used in a way that’s not deceptive in its promise. Which might just be what the long-awaited, wider adoption of digital currencies needs.

Full article: Privacy laws might prove to be a blessing in disguise for crypto

Revised, Washington State Privacy Legislation Moves Forward

The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA).

Source: Revised, Washington State Privacy Legislation Moves Forward

Facebook appealing order by Ireland’s privacy regulator that could halt EU-US data transfers

Facebook is appealing a preliminary order from the Irish Data Protection Commission (IDPC) that the social media company says would require it to stop data transfers between the US and the European Union.

The IDPC sent a preliminary order to Facebook last month directing the company to suspend data transfers to the US about EU users. The order is the first attempt by an EU regulator to enforce a ruling by the EU’s Court of Justice, which invalidated Privacy Shield, a data-sharing protocol that allowed American companies to transfer personal information about EU citizens to the US for processing.

Source: Facebook appealing order by Ireland’s privacy regulator that could halt EU-US data transfers – The Verge

The EDPB launches a public consultation on its draft guidelines on the concepts of controller and processor

EDPB has published new draft guidelines on the concepts of controller and processor which aim at replacing the previous opinion from the Article 29 Working Party  (WP169).

This document thus intends to clarify the definition of the concepts of controller, joint controller, processor, third party and recipient of data, by illustrating them with concrete examples within different sectors. It also aims at specifying the obligations that are attached to these qualifications.

Following the public consultation and after analyzing the contributions received, the final version of the guidelines will be adopted by the EDPB.

Source: The EDPB launches a public consultation on its draft guidelines on the concepts of controller and processor

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

1 2 3 133
>