The UK Data Protection Authority (the ICO) has updated their Framework on Accountability, to help organisations with their privacy management programs. View the framework here →
The Luxembourg Data Protection Authority (the CNPD) has published guidelines on the impact of Brexit on Data Transfers. Read the guidelines here →
The Belgian Data Protection Authority (the APD) has opened a consultation on recommendations on Biometric Data. Access the public consultation here →
The European Commission has issued a call for a study on the impact of recent developments in adtech and the impact on privacy, publishers, and advertisers. Call for tenders here →
2) Notable Case Law
The ICO is investigating an alleged data breach from the Department of Health and Social Care. A company providing CCTV services for the Department notified a breach after images were published in a tabloid without the organisation’s agreement. Read the ICO’s press release here →
The Swedish Data Protection Authority has found that several firefighter stations excessively used surveillance cameras. The Rescue Service was fined and ordered to limit the use of CCTV cameras. Read the decision and order to comply here →
The Brazilian State Procon in Mato Grosso has issued a $572,680 fine against a pharmaceutical company for collecting and processing personal data from customers without their consent. Read the press release here →
The NGO BEUC has filed a complaint against WhatsApp with the European Commission and the network of European consumer authorities. BEUC notably argued that the company’s new terms and conditions and privacy notice are opaque and that consumers are pushed to accept them. Read BEUC’s press release here →
3) New and Upcoming Legislation
United States (Ohio) – The Ohio Privacy Bill has been introduced by the House of Representatives. It encourages businesses to follow the National Institute of Standards and Technology (NIST) Privacy Framework. Read House Bill 376 here →
China – The first local Privacy Law was passed in Shenzhen, according to which apps cannot restrict their services to users who have agreed to data access agreements. The law is available in Chinese here →
4) Strong Impact Tech
A coalition of news outlets have accused NSO, a surveillance tech company based in Israel, of supplying software used by governments to hack the phones of a number of journalists, activists, business executives and politicians.
Other key information from the past weeks
In the United States, Colorado became the third US State to have comprehensive privacy legislation. The Colorado Privacy Act was passed into Law and is to come into effect by the 1st of July 2023. It for instance grants a right to opt-out, to access, to correct and to delete personal data. It also prohibits dark patterns.
The Italian Data Protection Authority (Garante) has issued the final Cookie guidelines. Read our updated post here →
