The Data Protection Authority for Japan has issued a draft Guide on International Data Transfers. Read it here → (in Japanese)
The IAB Europe has released a Guide to Contextual Advertising, notably discussing alternatives to third-party cookies. Access the Guide here →
2) Notable Case Law
The French NGO, La Quadrature du Net, has published additional information on the Data Protection Authority’s decision against Amazon. Indeed, according to a letter sent by the Data Protection Authority for France on the topic, Amazon did not have a legal basis for the processing of personal data in the context of behavioural analytics and ad targeting. Read the letter here → (in French)
The New Zealand High Court has issued an order to a radio station, blocking the use of a stolen dataset resulting from a cyber-attack, although it had come into the public domain. Read the court decision here →
The Austrian Data Protection Authority has fined a loyalty program operator, Unser Ö-Bonus Club, for lack of transparency and the unlawful collection of personal data. Indeed, for consent to be valid, it must be freely given and requested in plain language. The company was fined €2,000,000
3) New and Upcoming Legislation
Japan – the revised draft Law Enforcement Regulation on the Protection of Personal Information was published and a request for public comments was made. Public comments will close in early September. Read the draft Law here →(in Japanese)
Italy – the cybersecurity law resulting from the Decree No. 82 of 14 June 2021, came into force on the 5th of August 2021. The Law notably contains provisions on the new National Cyber-Security Agency. Read the Law here →(in Italian)
4) Strong Impact Tech
Apple has launched an initiative to scan the images of iPhone users to detect Child Sexual Abuse Material. Although the initiative was acclaimed by several United States politicians, it was also criticised as a threat to encryption and the user’s privacy. Read Apple’s presentation of the initiative here →
Other Key information from the past weeks :
The Attorney General for California sent enforcement letters to organisations requesting information about cookies, trackers, and analytics.
The French Data Protection Authority fined a company €400.000 for lack of transparency in their processing of personal data. The company had failed to inform persons that their personal data had been collected for the purpose of lobbying.