Members of the European Parliament will proceed to discuss a draft motion for a resolution on Wednesday 1st of March 2023 in relation to the “European Commission’s draft adequacy finding covering the EU-US Data Privacy Framework, as well as the relevant opinion of the European Data Protection Board (EDPB).” Read here →
The European Commission has launched an initiative to further specify the procedural rules relating to the enforcement of the GDPR. The public can make their contributions until the 24th of March 2023. Access here →
The EDPB has published 3 new guidelines. The guidelines offer designers and social media users recommendations on how to avoid deceptive design patterns. Access the guidelines →
The EDPB has set out its priorities in a new work program, with the intention of boosting enforcement and cooperation by putting the Board’s strategic objectives into practice. Read about the program here →
The Danish Data Protection Authority (Datatilsynet) published new “cookie-wall” guidelines that provide online content either against consent or against payment. Read the guidelines here →
The US House Energy and Commerce Committee has announced that it will hold a hearing on privacy protection entitled “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy” on March 1, 2023. Read about the decision here →
On February 27, 2023, the Brazilian Data Protection Authority (ANPD) published regulations for the application of administrative sanctions, which will empower the ANPD to give sanctions for non-compliance with the General Data Protection Law (LGPD). Read about the decision →
2) Notable Case Law
Edison Energia S.p.A., has been fined €4,900,000 euro by the Italian Garante for engaging in unlawful marketing practices in relation to profiling purposes. Edison Energia may still lodge an appeal within the 30 time window from the issuance of the decision. Read about the decision here →
Colorado: The final updates to the Colorado Privacy Act rules, which include “clarifications on controller obligations for data minimization and privacy policies, and consumer rights for universal opt-out signals”, were adopted and will take effect July 1, 2023.
California: Assembly Bill 1546 was introduced and read in the California State Assembly. In particular, the bill would require an action by the Attorney General to enforce the California Consumer Privacy Act to be commenced within a five-year period from when the cause of action occurred.
The US Securities and Exchange Commission is proposing a revision to the Federal Privacy Act Rule. “The current rules provide procedures for making Privacy Act requests, including requests for access to and amendment of records pertaining to the individual making the request.” Access the official press release here →
The Australian government has agreed to significant metadata reform. The Mandatory Data Retention Regime helps law enforcement and intelligence services immensely, yet it lacks openness and sufficient protections. Access here →
4) Strong Impact Tech
Both the European Commission and Council of the EU have banned their staff from using TikTok on their work and personal devices with work-related apps installed. Alternatively, staff could use the app on their personal devices, where no work-related apps are installed. Read about this story on our blog →
The German Data Protection Commissioner (BfDI) has been calling on the German Federal Government to shut down operations of its Facebook page. The BfDI has indeed issued a warning to this effect, however to date it seems that the Facebook page is still up and running. Read here →
Other key information from the past weeks
The European Parliament (“EP”) has concluded “that the EU-US Data Privacy Framework fails to create actual equivalence in the level of protection”.
The Australian Privacy Act Review is moving forward with a new government report and feedback is being sought until 31st of March 2023.
IAB Europe has proceeded to file a formal request for interim measures with the Belgian Market Court.