Convention 108+, the Council of Europe’s data protection convention, produced a draft of standard contractual provisions in transcoder data flows during its most recent Consultative Committee for protecting individuals concerning the automatic processing of personal data. Read the clauses here →
Italy has released a new registry of oppositions in the Official Gazette. Following the approval of the Council of Ministers and a favorable opinion from the Italian data protection authority, Presidential Decree No. 26 was published in the Official Gazette on March 29, 2022. The full decree can be accessed here → (Italian)
The Singapore DPA (PDPC) has released a new guide on Basic Anonymisation. The guide aims to give businesses more practical advice on executing basic anonymisation and de-identification of diverse datasets using a simple 5-step anonymisation procedure. Read the new guidelines here →
2) Notable Case Law
The UK DPA (ICO) fined a consulting company £80,000 for sending hundreds of thousands of text messages without the recipients’ consent between January 2020 and July 2020. Read about the decision here →
An Italian telecom business was fined € 200,000 by the Italian DPA (Garante Privacy) for violating Articles 12(2) and 12(3) of the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), as well as Article 132 of the Personal Data Protection Code. The authority’s decision be found here → (in Italian)
The Swedish Data Protection Authority fined Klarna Bank SEK 7,500,000 (equivalent to around € 727,000) for failing to provide enough information on client data processing on the company’s website. The Swedish Data Protection Authority fined the company because the information it gave on processing customer data on its website did not meet the GDPR’s criteria. Reported here → (in Swedish)
3) New and Upcoming Legislation
Legislators in the European Union voted in support of controversial measures to make anonymous crypto transactions illegal, a move the sector has criticized as stifling innovation and invading privacy. Access the full story here →
4) Strong Impact Tech
On March 24, the EU’s governing bodies declared that they had reached an agreement on the Digital Markets Act, the most comprehensive legislation aimed at Big Tech in Europe (DMA). Security experts say new EU rules will damage WhatsApp encryption. More can be found on the agreement here →
Following the new mandate, the French Presidency of the European Council presented a compromise to the other member states on targeted advertising, marketplaces, and systemic risks. The compromise aims to satisfy the European Parliament’s position on minors, sensitive data, online marketplaces, the definition of massive online platforms, and requirements relating to systemic risks. Reported here →
Google is updating its Workspace Settings, including a change that enables activity tracking for all users of Google Workspace accounts, even if the organization’s admin previously blocked it. Furthermore, admins no longer have authority over this setting for their users; instead, all users must individually toggle the tracking off. Access the news here →
According to three people with knowledge of the situation, Apple Inc. and Meta Platforms Inc., the parent company of Facebook, supplied consumer data to hackers posing as law enforcement authorities. Read the full article here →
Other key information from the past weeks
The Chinese government has identified genetic data as a national strategic resource and tightens state control over gene banks and other genetic data repositories.
A campaign using Google’s reCAPTCHA service to overcome email security and redirect consumers to phishing URLs was reported by the Avanan cybersecurity firm.