The EDPS published its opinion on a proposed Regulation laying down cybersecurity requirements for products with digital elements. The proposed Regulation aims to set out EU-wide cybersecurity requirements for a broad range of hardware and software products and their remote data processing solutions. Read the press release here →
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) stated that the plan to store government data in commercial cloud services, as drafted, poses serious privacy risks. Read here → (In Dutch)
The Belgian Data Protection Authority (APD) has set its enforcement priorities for 2023. The APD will focus on developing reflections and measures on cookies to be correlated with the rest of Europe and on building stronger relationships with organizations’ data protection officers. Access here → (in French)
The UK Data Protection Authority (Information Commissioner’s Office) published an update to its guidance on international transfers. This includes a new section on transfer risk assessments (TRAs) and a tool to perform such assessments. Read about it here →
2) Notable Case Law
On November 17, 2022, the organization Privacy for America published an assessment of the online advertising studies that economists from NERA Economic Consulting had done. Access here →
The French Data Protection Authority (CNIL) imposed a fine of €800.000 on U.S. messaging platform Discord for failing to comply with a number of requirements set out in the General Data Protection Regulation (GDPR). Read about the decision here → (in French)
The Spanish Data Protection Authority (AEPD) imposed a fine of €56.000 on Vodafone due to the forwarding of another person’s contract to a customer following the complaint from a customer of the telecom company. The Authority’s summary can be found here → (in Spanish)
3) New and Upcoming Legislation
According to EU reports, legislators and diplomats are still talking about the delicate subject of processing electronic communications data, metadata, and content, proving that the ePrivacy Regulation is not dead. Reported here on our blog →
The Kids Online Safety Act and the Children and Teens’ Online Privacy Protection Act, which the US Senate sponsors, among other things, call for platforms to shield kids from harmful content using new features and safety measures and to make privacy settings “on” by default for young children. Read here →
Argentina’s Data Protection Authority (Agency for Access to Public Information) announced the finalization of its reform proposals to Law No. 25.326 on Personal Data Protection. Access here → (In Spanish)
4) Strong Impact Tech
In relation to its location tracking practices, Google and the attorneys general of 40 states have reached a $391.5 million settlement. Reported here →
In addition to the FTC’s warning to Elon Musk’s Twitter yesterday that “no CEO or company is above the law,” the European Union’s top regulator of the microblogging platform is investigating it after senior employees in charge of security and privacy compliance quit. Read about it here →
Other key information from the past weeks
A key European Union lawmaker has described meetings taking place at the beginning of November with the U.K. government over the country’s data protection reform plans as “appalling.”
According to the Californian website (Govtech.com), a new privacy regulation might significantly alter how children and teenagers use the Internet nationwide as well as in California
The Brazilian data protection authority (ANPD) announced, on 8 November 2022, that it had approved its regulatory agenda for the biennium 2023-2024.