fbpx

Download free GDPR compliance checklist!

Category Archives for "Legislation"

EDPB & EDPS adopt joint opinions on new sets of SCCs

The EDPB and EDPS have adopted joint opinions on two sets of contractual clauses (SCCs). One opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.

Several amendments were requested in order to bring more clarity to the text and to ensure its practical usefulness in day-to-day operations of the controllers and processors. These include the interplay between the two documents, the so-called “docking clause” which allows additional entities to accede to the SCCs, and other aspects relating to obligations for processors. Additionally, the EDPB and EDPS suggest that the Annexes to the SCCs clarify as much as possible the roles and responsibilities of each of the parties with regard to each processing activity – any ambiguity would make it more difficult for controllers or processors to fulfil their obligations under the accountability principle.

Source: EDPB & EDPS adopt joint opinions on new sets of SCCs

FAA Publishes Final Rule for Operating Drones Over People

The Federal Aviation Administration published the final rule for the operation of drones over people.

The rule allows drones to operate over people without first obtaining a waiver to do so. The drone must meet certain requirements (e.g. the drone can’t have exposed rotating blades) and the rule doesn’t generally allow sustained flight over large gatherings of people outside.

Source: FAA Publishes Final Rule for Operating Drones Over People

Ireland brings in tough laws on revenge porn and online bullying

People guilty of online harassment and revenge porn in Ireland could face up to 10 years in prison as part of a bill passed with all-party support in December.

The crackdown on online harassment is of particular significance in Ireland, which hosts the European headquarters of Twitter, Facebook and other social media platforms where such practices are pervasive. Ireland faces rising pressure from its European partners to impose greater regulatory scrutiny on these firms.

Source: Ireland brings in tough laws on revenge porn and online bullying – POLITICO

Tech Giants Hope for US Data Privacy Law

Google, Twitter and Amazon are hopeful that Joe Biden’s incoming administration in the United States will enact a federal digital data law, senior company officials said at CES, the annual electronics and technology show.

“There are more than 100 national data privacy laws in the world,” said Anne Toth, director of Amazon’s Alexa Trust. “We’re dealing with a forever patchwork quilt but we’re trying to minimize the differences.”

Source: Tech Giants Hope for US Data Privacy Law | SecurityWeek.Com

German Federal Government Passed a Draft Law Amending Germany’s Information Technology Laws

On December 16, 2020, the German Federal Government passed a draft law that substantially amends some of Germany’s information technology laws.

These amendments aim to adapt the current legal framework to the increasing digitalization of products and services, the proliferation of IoT products, and the appearance of new cybersecurity threats. The draft law is expected to be enacted in the German Parliament in the first quarter of 2021.

Source: German Federal Government Passed a Draft Law Amending Germany’s Information Technology Laws | Inside Privacy

Council of the EU Released a New Draft of the ePrivacy Regulation

On January 5, 2021, the Council of the European Union released a new, draft version of the ePrivacy Regulation.

The Portuguese Presidency’s substantive amendments to the draft regulation propose to “simplify the text and to further align it with the GDPR,” and further “reflect the lex specialis relation of ePrivacy to the GDPR.”  In this respect, the Portuguese Presidency follows the same approach taken by the previous Presidencies of the Council.

Source: Council of the EU Released a (New) Draft of the ePrivacy Regulation | Inside Privacy

Alphabet unit Wing blasts new U.S. drone ID rule, citing privacy

Alphabet Inc’s drone delivery unit Wing criticized Trump administration rules issued this week mandating broadcast-based remote identification of drones, saying they should be revised to allow for internet-based tracking.

On Monday, the Federal Aviation Administration (FAA) issued rules that will allow small drones to fly over people and at night in the United States and mandate remote identification technology for nearly all drones.

Source: Alphabet unit Wing blasts new U.S. drone ID rule, citing privacy | Reuters

Brazilians mostly unaware of data protection regulations

Despite concerns over potential misuse and lack of trust, research has found consumers are not questioning corporate practices around personal data handling.

The survey carried out by Brazilian credit intelligence company Boa Vista with over 500 consumers between August and September 2020 suggests that over 70% of those polled do not know what the General Data Protection Regulations are.

The vast majority of the consumers polled (90%) feel their personal information is not protected appropriately by the companies requesting them, while 77% have expressed concerns over potential misuse of their data. Of the Brazilian consumers surveyed, 40% said they have been victims of fraud.

Source: Brazilians mostly unaware of data protection regulations | ZDNet

Brexit Deal Keeps EU-UK Data Flows Open as Parties Pursue Mutual Adequacy

On December 24th, with a year-end deadline and the holidays fast approaching, European Commission and United Kingdom officials announced they reached a deal on the EU-UK Trade and Cooperation Agreement.

Once formally adopted by the European Union institutions, the Agreement will govern the relationship between the EU and UK beginning on January 1, 2021, following the end of the Brexit transition period.

Parties agreed to allow for the continued free flow of personal data for up to six months to allow time for the EU and UK to adopt mutual “adequacy decisions”. Absent these adequacy decisions organizations would need to consider implementing additional safeguards, such as standard contractual clauses, to transfer personal data between the EU and UK.

Source: Brexit Deal Keeps EU-UK Data Flows Open as Parties Pursue Mutual Adequacy

UK ICO Publishes New Data Sharing Code

On December 17, 2020, the UK Information Commissioner’s Office (ICO) published its Data Sharing Code of Practice following a public consultation which commenced in 2019.

The Code focuses mainly on data sharing among data controllers who are subject to the GDPR and the UK Data Protection Act 2018. Due to the detailed way in which the Code covers data sharing in the context of the GDPR, it will also be of wider interest to data controllers in the EU and beyond – even after the end of the Brexit transition period.

Source: UK ICO Publishes New Data Sharing Code | Alston & Bird Privacy Blog

>