The European Data Protection Board has published a legal study on Government Access to Data in Third Countries (including China, India, and Russia). Access here →
The Italian Data Protection Authority has published an information page on its website, containing their latest Cookie Guidelines. Explore the page here →
2) Notable Case Law
The French Data Protection Authority (the CNIL) has fined Google a total amount of 150 million euros for the way its cookie banner was implemented. The Authority found that data subjects could not reject as easily as they could accept cookies: several clicks were needed to reject while only one was needed to accept. Read about the decision here → (in French)
A settlement was reached after the Federal Trade Commission (FTC) for the United States filed a complaint against a lead generation company for selling sensitive information without the necessary permission. The complaint also stated that the company had been collecting and sharing sensitive information without regard to how it would be used, putting consumers at risk for identity theft and scams. Read the FTC summary here →
The European Data Protection Supervisor has issued a reprimand to the European Parliament, for its implementation of cookie banners on Covid testing platforms. It was found that the websites did not ensure adequate safety measures to information that was sent to the United States. The provider which built the website had copied code from another website it had built and installed cookies from services such as Stripe although, they weren’t being used. The NGO NOYB, which supported the claimants, has published the reprimand here →
3) New and Upcoming Legislation
European Union – The trilogues (a negotiation held between Parliament, Council, and Commission) on the Digital Markets Act have started on January 11th, 2022.
The founder of Signal has published an opinion article on web3, cryptocurrencies, and NFTs.
Mozilla has announced a partnership with a non-profit organisation, the Markup, to investigate Facebook’s tracking infrastructure.
Other key information from the past weeks
A Russian court has fined Google an estimated 8% of its annual Russian turnover after the company did not remove content that was deemed illegal according to Russian Law.
The European Data Protection Supervisor has published a blog post describing pseudonymous data as a “foundational technique”, which can, for example, mitigate security risks. Considering that, pseudonymous data is covered by the GDPR, while anonymised data is not.