
Category Archives for "Legislation"

Turkish data localization rules in effect for social media companies

On Oct. 1, 2020, amendments to the Regulation of Internet Broadcasts and Prevention of Crimes Committed through Such Broadcasts (Law No. 5651), also known as the Social Media Law in Turkey, entered into force.

The amendments define the term “social network provider,” oblige such providers to appoint a local representative, set out procedures for content removal, request reports every six months, and require user data to be stored within Turkey.

Source: Turkish data localization rules in effect for social media companies

‘US is falling behind and needs a strong privacy law’ says Microsoft

The US has fallen behind the rest of the world on privacy and data protection and urgently needs new laws, Microsoft’s most senior privacy legal expert has warned.

Julie Brill, vice president and deputy general counsel for privacy and regulatory affairs at Microsoft, set out her concerns in a blog this week. Brill cited a new Microsoft-commissioned poll from Yougov showing seven in 10 Americans would like to see privacy regulation addressed by the next administration.

Source: ‘US is falling behind and needs a strong privacy law’ says Microsoft

EU nations call for ‘soft law solutions’ in future Artificial Intelligence regulation

Fourteen EU countries have set out their position on the future regulation of Artificial Intelligence, urging the European Commission to adopt a “soft law approach”.

In a position paper spearheaded by Denmark and signed by digital ministers from other EU tech heavyweights such as France, Finland and Estonia, the signatories call on the Commission to incentivise the development of next-gen AI technologies, rather than put up barriers.

“We should turn to soft law solutions such as self-regulation, voluntary labelling and other voluntary practices as well as robust standardisation process as a supplement to existing legislation that ensures that essential safety and security standards are met,” the paper noted.

Source: EU nations call for ‘soft law solutions’ in future Artificial Intelligence regulation – EURACTIV.com

EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

During its 39th plenary session on October 8, 2020, the European Data Protection Board (EDPB) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR).

The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority has a duty to cooperate with other concerned supervisory authorities in order to reach a consensus.

Source: EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

ICO Launches Consultation on Its Draft Statutory Guidance

On October 1, 2020, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft Statutory Guidance.

The Guidance provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.

Source: ICO Launches Consultation on Its Draft Statutory Guidance

Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

On October 1, 2020, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that highlights the risk of potential U.S. sanctions law violations if U.S. individuals and businesses comply with ransomware payment demands.

OFAC’s advisory neither describes new penalties for ransomware payments nor expands existing law or provides new authority for imposing sanctions. Rather, in releasing its advisory in conjunction with a similar advisory from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), OFAC is sending a clear signal that making ransomware payments with a sanctions nexus threatens U.S. national security interests and that third-party service providers that facilitate ransomware payments on behalf of a victim must consider and ensure compliance with OFAC regulations.

Source: Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

The EU’s Timetable for Dismantling End-to-End Encryption

Lobbying for “lawful access” to end-to-end encrypted services has moved from the U.S. to the European Union, where advocates for anti-encryption laws hope to have a smoother ride.

The public signs of this shift in the EU—which until now has been largely supportive toward privacy-protecting technologies like end-to-end encryption—began in June with a speech by Ylva Johansson, the EU’s Commissioner for Home Affairs.

Source: Orders from the Top: The EU’s Timetable for Dismantling End-to-End Encryption

Commission documents reveal vision for European Digital Identity

The European Commission has outlined its vision for a European Digital Identity, which would seek to provide a ‘trusted and secure’ form of online identification for the use of public and private services.

As part of a presentation from the Commission to the Council Telecommunications and Information Society Working Party last week, officials highlighted why they believe digital identification has become ‘fundamental’ to the everyday operation of online services.

Source: Commission documents reveal vision for European Digital Identity – EURACTIV.com

Companies face greater risk as GDPR class actions emerge

In the past month three of the world’s largest tech firms have been hit with legal actions that could lead to billion-dollar damages suits for alleged violations of the GDPR.

Unusual for Europe, the complaints are led by a consumer rights group and a U.K. citizen rather than regulators. If the complainants win their cases, the companies involved could face eye-watering damages awards.

Moreover, on June 22, EU institutions agreed on a new directive that will grant consumers in the bloc the right to sue collectively in cases of mass harm, ranging from air and passenger rights and financial services to tourism, energy, and telecommunications.

Source: Companies face greater risk as GDPR class actions emerge | Article | Compliance Week

New mechanism for EU data transfers ‘may be ready by Christmas’

A revised mechanism for transferring EU data outside of the EU may be ready by Christmas, according to the EU’s digital chief.

The new plan comes after the Schrems II ruling by the Court of Justice of the European Union in July, which invalidated the EU-US Privacy Shield transfer mechanism and upheld Standard Contractual Clauses (SCCs).

Source: New mechanism for EU data transfers ‘may be ready by Christmas’
