The Garante Privacy is advancing in its assessment of the lawfulness of some online newspapers, which make access to their content conditional upon the consent to profiling treatments (through cookies or other tracking tools) or, alternatively, upon the payment of a sum of money, continues. For information on the lawfulness of the cookie wall in Europe, see here or access the official report here → (In Italian)
The Garante Privacy announced, on 11 November 2022, that it had launched an online tool for reporting unwanted phone calls to the Garante. In particular, the Garante stated that the new online tool will fully replace the previous reporting mechanism by means of a paper form and that it is part of a package of online services that the Garante is implementing to simplify its services to citizens. Access here →
A key European Union lawmaker has described meetings taking place at the beginning of November with the U.K. government over the country’s data protection reform plans as “appalling.” Reported here →
The Brazilian data protection authority (ANPD) announced, on 8 November 2022, that it had approved its regulatory agenda for the biennium 2023-2024. Access here → (In Portuguese)
2) Notable Case Law
The UK Data Protection Authority (ICO) imposed a fine of £160,000 on Zuwyco Limited for making more than 90,000 unsolicited calls for direct marketing purposes to subscribers who had been listed on the “no call” register for not less than 28 days, contrary to regulation 21(1)(b) of PECR. Read about it on our blog →
On November 3, 2022, the Spanish Data Protection Authority (AEPD) imposed a fine following reports on the use of minors’ personal information, the General Data Protection Regulation and Information Society Services and Electronic Commerce were both violated. Access here → (In Spanish)
3) New and Upcoming Legislation
The European Parliament adopted last Thursday the “Network and Information Systems (NIS) 2 Directive”, which requires EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions. Read the press release here →
According to the Californian website (govtech.com), a new privacy regulation might significantly alter how children and teenagers use the Internet nationwide as well as in California. Read more on govtech.com →
4) Strong Impact Tech
The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. Reported here →
Other key information from the past weeks
The Italian Data Protection Authority published its report on the number of data breach notifications and alerts received in the last quarter.
The California Privacy Protection Agency has launched a 15-day comment period on the draft regulation of the amended California Privacy Rights Act. Specifically, the period will run until 21 November.
The Spanish data protection authority (AEPD) has created a tool to help decide whether to notify a data breach to the supervisory authority.