The European Commission issued the long-awaited Q&A to its 2021 Standard Contractual Clauses (SCCs) under the GDPR on the 25th of May. The European Commission adopted two sets of standard contractual provisions on June 4, 2021: the use between controllers and processors inside the European Economic Area (EEA), and the transfer of personal data to countries outside the EEA. These Q&As are based on feedback from various stakeholders on their experiences with the new SCCs in the months after their implementation. Access the Q&As here →
The Brazilian DPA announced on May 26, 2022 that it had released guidelines for best practices in using cookies across the whole gove.br portal. Read more here → (in Portuguese)
NOYB has sent an open letter to all relevant parties on the Future of EU-US Data Transfers, highlighting the concerning developments on the topic. These details appear to raise greater concerns about the stability of any new European Commission adequacy agreement. The following are the key points raised in the open letter:
Applying a correct proportionality test on US surveillance law under Article 8 Charter of Fundamental Rights (CFR).
Creating a meaningful judicial redress under Article 47 Charter of Fundamental Rights (CFR).
The need to update commercial privacy protections.
According to a recent report published by the Dutch data protection authorities, Autoriteit Persoonsgegevens, data breaches caused by cyber attacks nearly doubled in 2021 compared to the previous year. Read more on this topic here → (in Dutch)
2) Notable Case Law
The Belgian DPA fined a Media Group € 50.000 for using cookies without valid consent on two websites. On the websites, levif.be and knack.be, operated by Roularta Media Group, around 60 technically unnecessary cookies were active directly when the page was accessed, without any corresponding consent from users. Read the decision here → (in French)
The Italian DPA (Garante Privacy) issued a find of €20,000 to a commercial company for using a customer’s data for promotional reasons without their consent and their subsequent behavior towards the individual. The Authority’s summary can be found here → (in Italian)
3) New and Upcoming Legislation
The California Privacy Protection Agency released on 27 May 2022 its Draft Proposed CCPA Regulations as an attachment to the upcoming 8 June 2022 meeting announcement. Access the draft here →
4) Strong Impact Tech
The District of Columbia attorney general has filed a lawsuit against Mark Zuckerberg, aiming to hold the Facebook co-founder personally liable for allowing the political consultancy Cambridge Analytica to gather the personal data of millions of Americans during the 2016 election season. Read more about this on our blog here →
The Federal Trade Commission is investigating Twitter, Inc. for falsely exploiting account security data for targeted advertising. Twitter required users to provide their phone numbers and email addresses to protect their accounts. The company then made money by letting marketers target specific consumers with this information. For more information about this investigation check out our blog here →
Other key information from the past weeks
Before the end of his term, the Privacy Commissioner gave his final annual address at the Canada Privacy Symposium 2022.
A delegation of seven MEPs visited Washington, DC to discuss the current state of play on the Civil Liberties Committee’s principal themes with US authorities and stakeholders.