fbpx

Download free GDPR compliance checklist!

Tag Archives for " guidance "

European Data Protection Board Issues Opinion on U.S. CLOUD Act

On July 10, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (CLOUD Act) on the legal framework for the protection of personal data in the EU.

The institutions note that the extraterritorial effect of the CLOUD Act could result in service providers being “susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the Member States.”

Source: European Data Protection Board Issues Opinion on U.S. CLOUD Act

Cookies and other tracking devices: the CNIL publishes new guidelines

Without waiting for the future ePrivacy regulation, which is currently under discussion at the European level and which is not likely to come into force in the short term, the CNIL has decided to update its reference framework. In particular, it was necessary to repeal the 2013 recommendation, which was not compatible with the new provisions of the GDPR.

Full article: Cookies and other tracking devices: the CNIL publishes new guidelines

ICO opens consultation on the draft data sharing code of practice

The updated draft code of practice will explain and advise on changes to data protection legislation where these changes are relevant to data sharing. It will address many aspects of the new legislation including transparency, lawful bases for processing, the new accountability principle and the requirement to record processing activities.

The updated draft code is now out for public consultation and will remain open until Monday 9 September 2019.

You can respond to the consultation via our online survey, or you can download the document below and email datasharingcode@ico.org.uk.

Source: ICO consultation on the draft data sharing code of practice | ICO

EDPB Publishes Opinion on the Competence of a Supervisory Authority Relating to the Main or Single Establishment

On July 9, 2019, the European Data Protection Board (EDPB) adopted Opinion 8/2019 on the Competence of a Supervisory Authority in Case of a Change in Circumstances Relating to the Main or Single Establishment at the request of the French and the Swedish data protection authorities.

A change of circumstances relating to the main or single establishment may occur when the single or main establishment is (i) relocated from an EEA country to another EEA country; (ii) moved from or ceases to exist in an EEA country; (iii) relocated from a non-EEA country to an EEA country or is set up in an EEA country.

Full article: EDPB Publishes Opinion on the Competence of a Supervisory Authority in Change in Circumstances Relating to the Main or Single Establishment

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.

The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance.

Full article: Cookie consent – What “good” compliance looks like according to the ICO

EU High-Level Working Group on AI launches pilot phase of Ethics Guidelines and publishes  Recommendations for Trustworthy AI

On June 26, 2019, the EU High-Level Expert Group on Artificial Intelligence (AI HLEG) announced two important developments: (1) the launch of the pilot phase of the assessment list in its Ethics Guidelines for Trustworthy AI; and (2) the publication of its Policy and Investment Recommendations for Trustworthy AI.

The Recommendations are the second deliverable of the AI HLEG; the first was the Group’s Ethics Guidelines of April 2019, which defined the contours of “Trustworthy AI”.

Source: Two new developments from the EU High-Level Working Group on AI: launch of pilot phase of Ethics Guidelines and publication of Policy and Investment Recommendations for Trustworthy AI

Irish DPA issues guidance on the Use of CCTV

Irelands data protection authority – Data Protection Commission – has issued a guidance on use of CCTVs and video surveillance.

This guidance is intended to assist owners and occupiers of premises, in particular those that are workplaces or are otherwise accessible to the public, to understand their responsibilities and obligations regarding data protection when using CCTV.

Access guidance: Guidance on the Use of CCTV – For Data Controllers • DPO.guide

European Data Protection Board publishes 3 new guidelines

European Data Protection Board in its Eleventh Plenary session announced 3 new guidance documents:

  • Guidelines on Codes of Conduct – they intend to help clarify the procedures and the rules involved in the submission, approval and publication of codes of conduct at both the national and the European level;
  • annex to the Guidelines on Accreditation, – it provides guidance on the additional requirements for the accreditation of certification bodies to be established by the supervisory authorities; and
  • annex to the Guidelines on Certification – it identifies topics that data protection supervisory authorities and the EDPB will consider and apply for the approval of certification criteria for a certification mechanism.

Source: European Data Protection Board

ICO’s Interim Report on Explaining AI

On June 3, 2019, the UK Information Commissioner’s Office (ICO), released an Interim Report on a collaboration project with The Alan Turing Institute called “Project ExplAIn.”

The purpose of this project, according to the ICO, is to develop “practical guidance” for organizations on complying with UK data protection law when using artificial intelligence (AI) decision-making systems; in particular, to explain the impact AI decisions may have on individuals.

Source: ICO’s Interim Report on Explaining AI

>