fbpx

Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

Appeal against government mass surveillance loses in High Court

The human rights group Liberty has failed in its legal bid to put an end to the Investigatory Powers Act.

The law permits mass monitoring of connected devices to enable intelligence agencies to extend surveillance and government knowledge. But the legislation, branded the “Snoopers’ Charter” by its detractors has come under heavy criticism.

Source: Appeal against government mass surveillance loses in High Court

European Commission refers Greece and Spain to Court

The European Commission decided to refer Greece and Spain to the Court of Justice of the EU for failing to transpose the EU rules on personal data protection (the Data Protection Law Enforcement Directive, Directive (EU) 2016/680).

In April 2016, the Council and the European Parliament agreed the Directive had to be transposed into national law by 6 May 2018.

Source: Data protection: Commission refers Greece and Spain to Court

New bill could ban facial recognition in public housing

The No Biometric Barriers to Housing Act is expected to be introduced this week. The bill would prohibit the use of facial recognition technology in public housing units that receive funding from the Department of Housing and Urban Development (HUD).

The proposed bills follows after tenants in Brooklyn filed a legal opposition to their landlord’s application to install a facial recognition entry system. The tenants argued that the use of facial recognition technology was an excessive invasion of privacy.

Source: New bill could ban facial recognition in public housing

European Data Protection Board Issues Opinion on U.S. CLOUD Act

On July 10, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (CLOUD Act) on the legal framework for the protection of personal data in the EU.

The institutions note that the extraterritorial effect of the CLOUD Act could result in service providers being “susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the Member States.”

Source: European Data Protection Board Issues Opinion on U.S. CLOUD Act

FaceApp Reveals Huge Holes in Today’s Privacy Laws

Cameras are everywhere, and data brokers are vacuuming up information on individuals. But regulations have not kept pace.

Facial recognition is only the tip of the iceberg. License-plate readers, shopping beacons, and a whole suite of mobile trackers follow individuals both online and offline.

Facial recognition is only the tip of the iceberg. License-plate readers, shopping beacons, and a whole suite of mobile trackers follow individuals both online and offline.

Full article: FaceApp Reveals Huge Holes in Today’s Privacy Laws – The Atlantic

Cookies and other tracking devices: the CNIL publishes new guidelines

Without waiting for the future ePrivacy regulation, which is currently under discussion at the European level and which is not likely to come into force in the short term, the CNIL has decided to update its reference framework. In particular, it was necessary to repeal the 2013 recommendation, which was not compatible with the new provisions of the GDPR.

Full article: Cookies and other tracking devices: the CNIL publishes new guidelines

EU working group to harmonize sanctions

Sweden is entering as one of the chairmen of the EU working group to work for harmonization of sanctions according to the Data Protection Regulation, GDPR.

The guidelines for harmonized penalties within the EU are expected to be completed next year. The national inspection guidelines will be revised when the common EU guidelines have been adopted.

Source: The Data Inspectorate leads the EU working group on sanctions – the Data Inspectorate

ICO opens consultation on the draft data sharing code of practice

The updated draft code of practice will explain and advise on changes to data protection legislation where these changes are relevant to data sharing. It will address many aspects of the new legislation including transparency, lawful bases for processing, the new accountability principle and the requirement to record processing activities.

The updated draft code is now out for public consultation and will remain open until Monday 9 September 2019.

You can respond to the consultation via our online survey, or you can download the document below and email datasharingcode@ico.org.uk.

Source: ICO consultation on the draft data sharing code of practice | ICO

EDPB Publishes Opinion on the Competence of a Supervisory Authority Relating to the Main or Single Establishment

On July 9, 2019, the European Data Protection Board (EDPB) adopted Opinion 8/2019 on the Competence of a Supervisory Authority in Case of a Change in Circumstances Relating to the Main or Single Establishment at the request of the French and the Swedish data protection authorities.

A change of circumstances relating to the main or single establishment may occur when the single or main establishment is (i) relocated from an EEA country to another EEA country; (ii) moved from or ceases to exist in an EEA country; (iii) relocated from a non-EEA country to an EEA country or is set up in an EEA country.

Full article: EDPB Publishes Opinion on the Competence of a Supervisory Authority in Change in Circumstances Relating to the Main or Single Establishment

ePrivacy Regulation Slowly Moves Forward

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021.

With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and in view of forthcoming EU parliamentary elections and procedural considerations, it is possible that the adoption of the ePrivacy Regulation may be delayed even further.

Full article: EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

>