The United Kingdom’s Information Commissioner’s Office has issued a statement on mandatory vaccination and vaccine checks. Read the statement here →
In Germany, the Baden-Württemberg Data Protection Authority has modified its FAQ guidance on International Transfers, to include examples referring to the new Standard Contractual Clauses (SCCs). Access the FAQs here →
2) Notable Case Law
The Norwegian Data Protection Authority has made a decision against a European company for transferring personal data to their processor, in China, without a proper legal basis. Read the decision here →
The Italian Data Protection Authority has launched an investigation into applications that collect and sell personal data by accessing their user’s microphones, without express consent. Access the decision here →
The Spanish Data Protection Authority has issued a fine against a company, on the basis that they had not responded to a data breach responsibly, nor appointed a Data Protection Officer. More on the decision here →
3) New and Upcoming Legislation
European Union – The European Council has agreed on a negotiating mandate for the Digital Governance Act. The mandate allows the European Council to start negotiating the Act with the European Parliament before it is passed by both institutions. A press release from the European Council has stated that: “The Act would seek to set up solid mechanisms to facilitate the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and promote data altruism across the EU.” Read the press release here →
US (Nevada) – An Act on internet privacy has passed, notably giving consumers certain rights over the sale of their personal data and putting certain restrictions on data brokers. Access the new Law here →
The State of Quebec has passed a new privacy law that came into force on September 22nd, 2021. It for instance sets new requirements for data breach reporting, internal data management policies, and new transparency obligations.
The European Data Protection Board (EDPB) has adopted an Opinion on the Draft South Korea Adequacy Decision. The representatives of EU countries now need to approve it before it is adopted by the European Commission.