The European Data Protection Board (EDPB) released Guidelines on the targeting of social media users. The Guidelines aim to clarify the roles and responsibilities of social media providers and of targeters, for instance in the case of joint controllership. Read here →
The Norwegian Data Protection Authority has released its 2020 annual report. The report notes the regulatory sandbox on artificial intelligence, work related to the Covid-19 pandemic, improvements to children’s privacy, and more. Read here → (available in Norwegian)
2) Notable Case Law
France: the Council of State ruled on the conformity of French rules on the retention of connection data, with EU law. It stated that such data retention can be justified in the context of a threat to national security, on the condition that the government regularly reevaluates the threat and obtains the green light from an independent authority. Read the summary here →
Spain: the Data Protection Authority (the AEPD) has imposed a 12.000€ fine on NBG Technology, S.A.U. for processing personal data without proper consent. Read the decision here → (available in Spanish)
3) New and Upcoming Legislation
El Salvador passed a Personal Data Protection Law. The Law will come into force a year after its publication in the official gazette and allow a six-month grace period. Read it here →
The European Commission published a proposal for new rules and actions for trustworthy Artificial Intelligence. It notably presents the different levels of risks AI can pose and provides that national authorities will supervise the new rules. The Regulations will then have to be adopted by the Parliament and by the Member States. More details here →
The UK’s draft Law on Security by Design is to include smartphones. This would allow consumers to be informed of the duration of time for which their device will receive software updates. Read it here →
4) Strong Impact Tech: facial recognition in Italy
Apple’s App Tracking Transparency has been rolled out as of Monday, 26th 2021.
Google’s FLoC trials have slowly started in the United States.
Facebook unveiled its expanded data portability tool. The company also opened an investigation on a leak of data from more than 533 million accounts. Several Data Protection Authorities have asked for more information from Facebook.
Other Key information from the past weeks
The European Data Protection Board (EDPB) has adopted an Opinion regarding the GDPR and the Draft U.K. adequacy decision made by the European Commission. Read it here →
The Washington Privacy Act has not passed the House of Representatives.