DPO Newsletter: Data Protection & Privacy News (issue #47)

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

• Guidelines from the European Data Protection Board (EDPB) have been updated for using codes of conduct as tools for data transfers. The guidelines, which were first adopted in July 2021, aim to “provide clarification as to the role of the different actors involved for the setting of a code to be used as a tool for transfers and the adoption process with flow charts.” Read the updated guidelines here →
• The German Data Protection Conference (DSK) published updated guidance on the processing of personal data for direct marketing purposes. The guidance clarifies, among other things, the obligations related to the provision of information to users and the conditions for consent. Access the guidelines here → (in German)

2) Notable Case Law

• The (Greek) Hellenic Data Protection Authority fined two telecommunications companies 9.25 million euros for violating the principle of legality due to imprecise and insufficient information provided to users. The company was also sanctioned for having insufficient security measures in place, among other things. Read about the sanction here →

3) New and Upcoming Legislation

• The following privacy legislation has been advanced in US states:
  • Florida – Both Houses passed an act relating to consumer data privacy (HB 9) on March 2, 2022. Read the official text here →
  • Utah – The amended Consumer Privacy Act (SB 227) has been signed. Access the Act →
  • Virginia – The Consumer Data Protection Act (CDPA) has been updated to include the newly approved provision on data deletion requests (HB 381).
  • Washington – The Act Relating to protecting and enforcing data privacy rights of Washingtonians (HB 1850) has advanced after receiving a favorable recommendation by the Washington House Appropriations Committee. Access the official text here →
• Switzerland’s Federal Office of Justice (FOJ) announced that the revised version of the Federal Data Protection Act (DSG) will presumably enter into force in September 2023. The implementing ordinance, which would confirm the exact date, is expected to be published one year early, namely in September 2022, to grant companies a reasonable time to comply with the provisions of the Act. Find the announcement here → (in German)

4) Strong Impact Tech

• The NOYB launched the second batch of complaints addressed to 270 website operators in the European Union that are deemed to use non-compliant cookies banners. Reported here →

Other key information from the past weeks

• The Civil Liberties, Justice and Home Affairs (‘LIBE’) Committee of the European Parliament announced it will hold a review session of the implementation and enforcement of the GDPR and the “possible ways of improvement.”
• The director of the US Department of Commerce – Privacy Shield stated that his team and their European Union counterparts are close to finalizing a transatlantic agreement between the two regions for data transfers to clarify the uncertainty on the matter.

About us

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com