The Italian Data Protection Authority (Garante) has issued the final Cookie guidelines. The Portuguese Authority has also announced that it would issue Cookie Guidelines this year. Read the Italian guidelines here → (in Italian) | Tweet this
The European Data Protection Board has adopted Guidelines on Codes of Conduct, on Virtual Voice Assistants and on the concepts of Controllers & Processor. Read the adopted guidelines here → | Tweet this
The German Data Protection Authority for Sachsen- Anhalt has published guidelines on remote working. Read here → (in German) | Tweet this
2) Notable Case Law
The Spanish Data Protection Authority has imposed a fine against a company as it did not comply its information obligations for the fair and transparent processing of personal data. For instance the Privacy Policy did not refer the applicable Data Protection legislation. Read the case here → (in Spanish) | Tweet this
The Finnish Data Protection Authority has issued a fine against a company following a number of complaints. Indeed, the company had conducted direct marketing with automated calls without previous consent. The company had also used a subcontractor without concluding a processing agreement. Read the press release here → (in Finnish) | Tweet this
The German Data Protection Authority for Hamburg has issued a press release after the audit by several German Authorities of 49 websites which request consent for the processing of their visitor’s personal data. The audit for instance assessed the level of complexity for rejecting cookies or the accuracy of the information in the cookie banners. Read the post here → (in German) | Tweet this
United States (Colorado) – Colorado became the third US State to have comprehensive privacy legislation. The Colorado Privacy Act was passed into Law and is to come into effect by the 1st of July 2023. It for instance grants a right to opt-out, to access, to correct and to delete personal data. It also prohibits dark patterns. Tweet this
United States (New York) – The Biometric Data Protection Law has entered into force on July 9th 2021, requiring certain organisations to post formal notices if they collect biometric data. Tweet this
New Zealand – The Government has established the legal framework for anew consumer data right, to allow consumers to securely share data that is held about them with trusted third parties, using standardised data formats and interfaces. Tweet this
Peru has opened a new platform for the National Register of Data Protection. Cross-border transfers must for instance be notified to the National Register. Tweet this
Other Key information from the past weeks
The Italian Data Protection Authority (Garante) made a decision to fine a company €2.6 million for a lack of transparency and accuracy in their use of algorithms to manage employees.
The European Data Protection Board has published a leaflet about the One-stop-shop for data protection enforcement across EU borders.
