
Tag Archives for " regulation "

European Union Implements Changes to Export Control Rules

The EU has updated its export control rules for dual-use items to (1) take account of Brexit, (2) ensure consistency with recent developments in international non-proliferation regimes and export control arrangements, and (3) address cyber-surveillance and other security threats stemming from new technologies, reinforce cooperation among competent EU authorities, and impose enhanced compliance obligations (including a requirement to adopt internal compliance programs) on businesses.

These updates, which are addressed in turn, will have significant implications for businesses dealing in dual-use items.

The EU Dual-Use Regulation governs exports outside the EU, transfers inside the EU, transit through the EU and the brokering of certain sensitive goods, services, software and technology that are considered “dual-use”, meaning they have both military and civil applications.

Full article: European Union Implements Changes to Export Control Rules

UK Online Safety Bill may have implications for freedom of expression and privacy

The UK Online Safety Bill may have “implications for freedom of expression and privacy” as private messaging may fall within the scope of the regulatory framework, a digital rights group has warned.

On 15 December, the UK government published its full response to the Online Harms White Paper consultation ahead of the publication of the Online Safety Bill next year.

Source: UK Online Safety Bill may have implications for freedom of expression and privacy, says digital rights Group

German top court strikes down plank of anti-terror law

Germany’s top court said on Friday it had struck down a key passage of an anti-terror law on data protection grounds, raising the bar for security services to swap information.

The Federal Constitutional Court said the passage of the measure in question was too vague in granting permission for intelligence on terror suspects to be shared from a central security database.

Source: German top court strikes down plank of anti-terror law

Class Actions in Belgium – the next level in GDPR enforcement

In Belgium a tangible risk now exists for collective redress actions as Belgian law contains a comprehensive – and from a European perspective – unique class action scheme in its Code of Economic Law.

Since NOYB – the non-profit organisation of activist Max Schrems – was granted the status of ‘group representative’ by a Ministerial Decree in September 2020, this new type of private privacy watchdog should be factored into your enforcement risk assessment.

The Belgian collective redress scheme allows a group of consumers (or SMEs) to claim, in their personal capacity, damages suffered as a result of a common cause. The causes that may be invoked concern breaches by a company of its contractual obligations or infringements of (among others) the GDPR and the Belgian cookie rules.

Source: Belgium: Class Actions in Belgium – the next level in GDPR enforcement

US Congress passes new IoT cybersecurity law

In response to high-profile data breaches and security warnings from the technology industry and independent agencies alike, members of U.S. Congress have been working for years to address security concerns involving Internet-of-Things devices.

Congress recently made significant progress toward greater IoT security in the United States when it enacted the Internet of Things Cybersecurity Improvement Act of 2020, which entered into force Dec. 4, 2020. Although the new IoT cybersecurity law focuses primarily on the procurement of IoT technology and products by the federal government, it has the potential to create a more uniform IoT security standard across the private sector.

Source: US Congress passes new IoT cybersecurity law

‘Dirty methods’ in Brexit vote cited in push for new laws on Europe’s elections

The “dirty methods” of the Brexit referendum have been cited as a reason for new EU laws aimed at tackling disinformation and forcing online platforms including Facebook to publicly disclose the identity of people and entities funding political adverts.

The proposals would force online platforms to take greater responsibility for what they publish and ensure that consumers know why they are being targeted and by whom. The commission will also look at further restricting “micro-targeting and psychological profiling in the political context” through new regulatory codes and professional standards.

Source: ‘Dirty methods’ in Brexit vote cited in push for new laws on Europe’s elections | European Union | The Guardian

Facebook Asks Supreme Court To Decide Whether Tracking Violates Wiretap Law

Facebook is urging the Supreme Court to take up a long-running dispute about whether tracking logged-out users via the “Like” button violates a law restricting the interception of online communications.

In a petition filed quietly last week, the social networking service argues that the battle over tracking “presents a question of critical importance” — namely, whether “certain ubiquitous practices in the technology industry involving computer-to-computer communications violate the federal Wiretap Act.”

Source: Facebook Asks Supreme Court To Decide Whether Tracking Violates Wiretap Law 11/30/2020

GDPR enforcement must level up to catch big tech, report warns

A new report by European consumer protection umbrella group Beuc, reflecting on the barriers to effective cross-border enforcement of the EU’s flagship data protection framework, makes awkward reading for the regional lawmakers and regulators as they seek to shape the next decades of digital oversight across the bloc.

Beuc’s report — which it’s called “The long and winding road: Two years of the GDPR: A cross-border data protection case from a consumer perspective” — details the procedural obstacles its member organizations have faced in seeking to obtain a decision related to the original complaints, which were filed with a variety of DPAs around the EU.

Source: GDPR enforcement must level up to catch big tech, report warns | TechCrunch

The Biden administration should push for a federal data protection law

In the United States, companies are largely not required by law to protect your personal data. There are some exceptions—certain specific types of data are regulated (health information, for instance, or data about children under 13), and the California Consumer Privacy Act, which went into effect this year, imposes some security and privacy requirements on companies collecting information about California residents.

But those piecemeal solutions do not come close to adequately addressing the huge gap at the heart of U.S. civilian cybersecurity policy: the absence of a federal data protection law. However, this could be a rare opportunity for bipartisan cooperation in Congress.

Full article: The Biden administration should push for a federal data protection law.

Facebook fined $6.1 million in South Korea for sharing user data without consent

The Korea Communications Commission kickstarted the investigation in 2018 before ultimately handing it off to the PIPC a few months ago.

According to Yonhap News, the PIPC determined that the social network shared the personal information of 3.3 million South Korean users (out of a total of 18 million) with other companies without consent from May 2012 to June 2018. The watchdog said Facebook shared people’s names, addresses, dates of birth, work experience, hometowns and relationship statuses with other companies when they logged in.

Source: Facebook fined $6.1 million in South Korea for sharing user data without consent | Engadget
