Tag Archives for "guidance"

EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

During its 39th plenary session on October 8, 2020, the European Data Protection Board (EDPB) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR).

The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority has a duty to cooperate with other concerned supervisory authorities in order to reach a consensus.

Source: EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

ICO Launches Consultation on Its Draft Statutory Guidance

On October 1, 2020, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft Statutory Guidance.

The Guidance provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.

Source: ICO Launches Consultation on Its Draft Statutory Guidance

French Supervisory Authority Publishes Final Version of Cookie Guidelines

On October 1, 2020, the French Supervisory Authority (CNIL) published the final version of its Guidelines on cookies and other tracking technologies, as well as an adjoining set of best practice recommendations with examples on how to implement the guidelines.

The new version of the guidelines takes into account contributions submitted by various stakeholders during the public consultation period for both documents, as well as a recent decision of the French Council of State regarding a prior version of the guidelines.

Source: French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021

U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments

The U.S. Department of Commerce published a white paper to assist organizations in conducting independent analyses of data transfers in light of the July 16, 2020 Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems, Case C-311/18 (Schrems II) decision by the Court of Justice of the European Union (CJEU) and, ultimately, in making the case for transferring personal data to the United States using EU-approved transfer mechanisms.

The white paper outlines privacy safeguards relating to government access to data provided by U.S. law, focusing on those that are relevant to the issues that appear to have concerned the CJEU in Schrems II.

Source: U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments | Alston & Bird Privacy Blog

The EDPB launches a public consultation on its draft guidelines on the concepts of controller and processor

The EDPB has published new draft guidelines on the concepts of controller and processor, which aim to replace the previous opinion from the Article 29 Working Party (WP169).

The document is intended to clarify the definition of the concepts of controller, joint controller, processor, third party and recipient of data by illustrating them with concrete examples from different sectors. It also aims to specify the obligations attached to these qualifications.

Following the public consultation and after analyzing the contributions received, the final version of the guidelines will be adopted by the EDPB.

Source: The EDPB launches a public consultation on its draft guidelines on the concepts of controller and processor

CNIL issues new guidance on data retention

In July, the French Supervisory Authority (CNIL) issued new, updated guidelines on data retention.

These Guidelines aim to provide practical tools to help define the relevant rules for organizing data retention and, accordingly, the retention period applicable to each step of the personal data processing life cycle, so that personal data are not kept indefinitely.

Source: FRANCE: NEW GUIDANCE FOR DATA RETENTION

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg published guidance on international transfers of personal data following the Schrems II judgment.

This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the Schrems II decision. As well as including a Schrems II compliance checklist, it provides some recommendations on modifying the Standard Contractual Clauses to allow the parties to document their intent to act in accordance with the law.

Source: German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

ICO Issues Guidance on Artificial Intelligence

The UK’s Information Commissioner’s Office (ICO) has finalised the key component of its “AI Auditing Framework” following consultation.

The Guidance covers what the ICO considers “best practice” in the development and deployment of AI technologies. It is not a statutory code and there is no penalty for failing to follow the Guidance.

Source: ICO Guidance on Artificial Intelligence

US Govt. issues Artificial Intelligence Ethics Framework for the Intelligence Community

The US government has issued an ethics guide for United States Intelligence Community personnel on how to procure, design, build, use, protect, consume, and manage AI and related data.

The guide is a “living document” intended to provide stakeholders with a reasoned approach to judgment and to assist with the documentation of considerations associated with the AI lifecycle. In doing so, this guide will enable mission through an enhanced understanding of goals between AI practitioners and managers while promoting the ethical use of AI.

Source: Artificial Intelligence Ethics Framework for the Intelligence Community

EDPS Investigation into EU institutions’ use of Microsoft products and services

The EDPS issued a Public Paper detailing its findings and recommendations on the use of Microsoft products and services by EU institutions.

These findings may help any public administration when contracting ICT services, because of the similarities between the General Data Protection Regulation (GDPR) and Regulation (EU) 2018/1725, which applies to the EU institutions.

Source: The Hague Forum: Reinforcing cooperation for fair IT contracts in Europe | European Data Protection Supervisor
