Guidelines from the European Data Protection Board (EDPB) have been updated for using codes of conduct as tools for data transfers. The guidelines, which were first adopted in July 2021, aim to “provide clarification as to the role of the different actors involved for the setting of a code to be used as a tool for transfers and the adoption process with flow charts.” Read the updated guidelines here →
The German Data Protection Conference (DSK) published updated guidance on the processing of personal data for direct marketing purposes. The guidance clarifies, among other things, the obligations related to the provision of information to users and the conditions for consent. Access the guidelines here → (in German)
2) Notable Case Law
The (Greek) Hellenic Data Protection Authority fined two telecommunications companies 9.25 million euros for violating the principle of legality due to imprecise and insufficient information provided to users. The company was also sanctioned for having insufficient security measures in place, among other things. Read about the sanction here →
3) New and Upcoming Legislation
The following privacy legislation has been advanced in US states:
Switzerland’s Federal Office of Justice (FOJ) announced that the revised version of the Federal Data Protection Act (DSG) will presumably enter into force in September 2023. The implementing ordinance, which would confirm the exact date, is expected to be published one year early, namely in September 2022, to grant companies a reasonable time to comply with the provisions of the Act. Find the announcement here →(in German)
4) Strong Impact Tech
The NOYB launched the second batch of complaints addressed to 270 website operators in the European Union that are deemed to use non-compliant cookies banners. Reported here →
Other key information from the past weeks
The Civil Liberties, Justice and Home Affairs (‘LIBE’) Committee of the European Parliament announced it will hold a review session of the implementation and enforcement of the GDPR and the “possible ways of improvement.”
The director of the US Department of Commerce – Privacy Shield stated that his team and their European Union counterparts are close to finalizing a transatlantic agreement between the two regions for data transfers to clarify the uncertainty on the matter.