
Tag Archives for " guidance "

EDPB Releases Guidelines on Virtual Voice Assistants

On March 12, 2021, the European Data Protection Board (EDPB) published its Guidelines 01/2021 on Virtual Voice Assistants (VVA) for consultation.

The Guidelines give providers of VVA services recommendations on how to navigate the key compliance challenges, for example by offering voice-based interfaces that give users notice of data processing during installation.

Service providers also should avoid bundling their VVA service with other services, such as email or video streaming, so as not to infringe the GDPR’s transparency principle with complex and lengthy privacy policies.

Source: EDPB Releases Guidelines on Virtual Voice Assistants

Gaps remain in industry guidelines for email-based identity tech

The Interactive Advertising Bureau’s Tech Lab’s Best Practices for User-Enabled Identity Tokens address the use of identifiers, many of which work by transforming identifiable data like email addresses into encrypted ID signals to replace cookie tracking.

But as the digital ad industry faces increased scrutiny of its data use and privacy practices from government and everyday people, some say the proposed guidance from its biggest trade group could have gone further in advising companies on how to gain people’s consent while complying with privacy regulations.

For example, they do not provide guidance for how that transparency and control should be made accessible to site visitors beyond stating that the controls “need to conform to the requisite consumer transparency and control features defined by local law and policy interpretation.”

Source: Gaps remain in industry guidelines for email-based identity tech

CyberScotland offers centralised security resource hub

A coalition of 10 organisations – including the Scottish government, Police Scotland and the Scottish Business Resilience Centre (SBRC) – have clubbed together to set up the CyberScotland Partnership, designed to respond to calls for clarity around cyber security from both private individuals and businesses.

The National Cyber Security Centre (NCSC)-supported resource will provide a central online hub to offer resources for anyone seeking information and support across a number of cyber security and business resilience issues – as well as cyber careers and skills support and guidance.

Source: CyberScotland offers centralised security resource hub

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification.

The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.

Source: EDPB Publishes Guidelines on Examples regarding Data Breach Notification | Privacy & Information Security Law Blog

IAB releases DPIA guidance for Digital Advertising under GDPR

IAB has developed and published a practical guide to carrying out data protection impact assessments (DPIA) under the EU’s General Data Protection Regulation (GDPR).

The guide provides background and describes the DPIA process in the context of processing data for digital advertising generally and for real-time bidding (RTB), in order to help companies understand their obligations and how to comply with them in practice. It explains how to incorporate the DPIA process into a company’s normal course of product design and development.

Source: GDPR Data Protection Impact Assessments (DPIA) for Digital Advertising under GDPR – IAB Europe

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), the European Data Protection Board (EDPB) on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

The EDPB on November 11 issued two sets of recommendations. The first set of recommendations covers the assessment and supplementary measures data exporters may need to adopt to ensure compliance with the EU level of personal data protection (“Supplementary Measures Recommendations”). The second set of recommendations lays down the elements to be used to examine whether surveillance measures allowing access to personal data by public authorities in a third country can be regarded as a justifiable interference with the level of data protection guaranteed in principle by the EU (“European Essential Guarantees Recommendations”).

These recommendations are applicable immediately but are open for public consultation until November 30.

Source: European Data Protection Board Issues Schrems II Recommendations

French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports

On October 9, 2020, the French Supervisory Authority (CNIL) issued guidance on the use of facial recognition technology for identity checks at airports.

The CNIL indicates that it has issued this guidance in response to a request from several operators and service providers of airports in France who are planning to deploy this technology on an experimental basis. In this blog post, we summarize the main principles that the CNIL says airports should observe when deploying biometric technology.

Source: French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports | Inside Privacy

FTC Issues New Guidance on Artificial Intelligence Technology 

In the latest piece to come out of the FTC’s new focus on emerging technologies, the FTC Bureau of Consumer Protection issued new guidance on the use of artificial intelligence (AI) and algorithms.

The guidance follows up on a 2018 hearing where the FTC explored AI, algorithms, and predictive analysis. As the FTC recognizes, these technologies already pervade the modern economy. They influence consumer decision making – from what video to watch next, to what ad to click on, or what product to purchase.

Source: A New Frontier or Back to Basics? FTC Issues New Guidance on Artificial Intelligence Technology | Minding Your Business

EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

During its 39th plenary session on October 8, 2020, the European Data Protection Board (EDPB) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR).

The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority has a duty to cooperate with other concerned supervisory authorities in order to reach a consensus.

Source: EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

ICO Launches Consultation on Its Draft Statutory Guidance

On October 1, 2020, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft Statutory Guidance.

The Guidance provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.

Source: ICO Launches Consultation on Its Draft Statutory Guidance
