The Swiss Data Protection Authority has issued a Guide on transfers to third countries. Read the guide here →
The French Data Protection Authority (the CNIL) has published a post on the new Standard Contractual Clauses. You can find the post here →(in French)
The Spanish Data Protection Authority (the AEPD) has updated its platform for data breach notifications. Access it here →(in Spanish)
2) Notable Case Law
The Court of Justice of the European Union (CJEU) ruled that in exceptional cases, a national Data Protection Authority (DPA) may bring alleged infringements before their national court and engage in legal proceedings, without being the lead authority. However, one main condition is that the rules on cooperation and consistency set out by the GDPR are respected. Full details here →
The AEPD has issued a €1.200 fine against a radio station, notably for placing non-necessary cookies before obtaining the user’s consent. The decision also noted that the link towards the Cookie Policy was not easily accessible from the first or second layer of the cookie banner. Read the decision here →(available in Spanish)
The CNIL has ordered a company to pay a €500,000 fine. The company failed to respect its set data retention delays and did not have a fully transparent Privacy Policy. Furthermore, the company sent marketing emails to users who had not yet made a purchase nor granted their consent. Read the CNIL’s summary of the case here →(available in French)
3) New and Upcoming Legislation
European Union – The UK adequacy decision was reportedly approved by the Member States. The Commission must however adopt the final decision for it to become applicable. For more information surrounding this topic, read our post on the GDPR and Brexit.
The Republic of Korea – The European Commission has launched the procedure for an adequacy decision in favour of the Republic of Korea. The next step in the procedure is for the EDPB to issue an Opinion.
US (Connecticut) – An Act concerning data Privacy breaches signed into law. Read about the Act here →
4) Strong Impact Tech
The European Data Protection Supervisor and the European Data Protection Board issued a joint opinion, calling for a ban on automated recognition of human features (for instance facial recognition) in public spaces and other uses of AI which could result in discrimination.
Other key information from the past weeks
In the United States, several Federal Bills related to data privacy were introduced before the Senate.
Apple unveiled the iOS 15 (expected to come out this fall), which builds on the Apple App Tracking Transparency feature.