The UK’s ICO and six other data protection authorities have issued a joint statement on their privacy expectations of Video Teleconferencing companies. Read the statements here →
The General Privacy Assembly adopted draft resolutions on Data Sharing for the public good, children’s digital rights, government access to data and the future of the Global Privacy Assembly. Read highlights from the closed session here →
The Spanish Data Protection Authority has published a post on differential privacy, as a follow-up to its publication on anonymised data. Access it here →(in Spanish)
2) Notable Case Law
The Belgian Supreme Court has annulled the decision of a Court of Appeals in a case concerning digital identity cards. Basing its analysis on the principle of data minimisation, the Supreme Court decided that a person to whom a service had been refused because they did not share their personal data, had a right to complain. Indeed, in this case, the claimant had considered the data processing to be excessive. Read the Data Protection Authority’s summary here →(in French)
The Norwegian Data Protection Authority (the Datatilsynet) has fined a company for undergoing credit assessments of individuals who did not have a prior commercial relationship. The company was found not to have a legal basis for its processing of this personal data. Read the Datatilsynet’s summary here →
3) New and Upcoming Legislation
China – The Personal Information Protection Law has come into effect as of Monday, 1st of November. It notably requires cross-border data transfers to first be submitted to the Cyberspace Administration and a consultation was opened on measures to export data outside of China. Open the PIPL here →(Not yet available in English)
United States – The Digital Accountability and Transparency to Advance Privacy Act was reintroduced before the Senate. It comprises a general right to opt-out and a specific right to opt-in for sensitive information. It would not preempt State privacy laws. Follow the Bill →
United Nations – Two UN agencies have launched the Data Disclosure Framework for international service providers responding to data requests from foreign criminal justice authorities. It targets smaller tech companies and micro-platforms.
Brazil – The Brazilian Data Protection Authority has approved the Regulation of the Inspection Process and the Sanctioning Administrative Process. This Regulation notably set the procedural rules for the Authority’s inspections and sanctions. Open the Regulation here →(in Portuguese)
4) Strong Impact Tech
Google is expected to allow children under the age of 18 to request that their photos be removed from the search engine. To make a request, they will have to fill-in this form.
The Right to Data Protection is becoming a constitutional right in Brazil.
The European Data Protection Board (EDPB) adopted a guidance that expands on Article 23 of the General Data Protection Regulation (GDPR). The Guidelines discuss the conditions for Member States or the EU legislator to use restrictions of data subject rights.