The Brazilian National Data Protection Authority is examining ways to re-regulate international data transfers, moving away from the present GDPR-inspired restrictions. The Brazilian DPA has announced that it intends to base the new discipline on the SCCs of New Zealand and Singapore as they are more practical for companies. Read here → (in Spanish)
The French Data Privacy Authority has developed tools to assist professional sports organizations in complying with data protection laws. Organizations can learn more about the GDPR requirements for processing volunteer and employee data by using the self-assessment guide. The three educational resources created by the CNIL:
an explanation of the important concepts (personal data, data processing, goal or aim, etc.), with illustrations from the sports industry;
a summary of frequently asked questions from industry experts (e.g., may a sports facility collect an athlete’s tax identification number when they register? Can non-professional athletes’ performance results be posted online?);
a self-assessment manual outlining the key data flow processes involved in performing a sports activity.
Additionally, the CNIL has disclosed that it will publish particular content on data management for professional federations and leagues in the near future. Access here → (in French)
The Danish DPA (Datatilsynet) has begun a series of public and private sector cloud usage inspections. The inspections are in response to Datatilsynet’s recent guidelines on the use of cloud services, and they attempt to determine if authorities and businesses are in compliance with the laws. Reported here → (in Danish)
2) Notable Case Law
Antitrust authorities are looking into Google Play Store‘s pricing policies and developer payments. The Dutch antitrust Authority had previously begun an investigation, as did the UK competition Authority, but the EU Commission’s antitrust will investigate the anti-competitive behaviour on an EU-wide scale. Reported here →
The CJEU’s decision on sensitive data, released on August 1st, could have significant ramifications for online platforms that utilize background tracking and profiling to target users with behavioural adverts or to power tailored content on browsers. More on this story here →
3) New and Upcoming Legislation
The U.S. – The ‘Improving Cybersecurity of Credit Unions Act’ was proposed in the US Senate on August 4th. The bill’s goal is to protect bank clients from cyber threats. The bill empowers the National Credit Union Administration (NCUA) to investigate cybersecurity threats to banks. Access here →
4) Strong Impact Tech
WhatsApp has announced that it will not fall to the UK government’s demand to undermine end-to-end encryption by adding a backdoor for law enforcement investigations. As part of the Online Safety Bill, the British government, in particular, suggested the potential of monitoring private messages (e.g. to access images of child sexual abuse or other crimes in this context). In general, the British government is eager to assist in the development of programs that can detect photos while protecting the privacy of individuals. Reported here →
Other key information from the past weeks
A report on the implementation and functioning of the EU Data Protection Law Enforcement Directive has been released by the European Commission.
This year saw a record-high increase in the average data breach cost, reaching $4.4 million, according to research from IBM Security issued on Wednesday.
Due to data protection violations regarding research trips with cameras, the Lower Saxony Data Protection Authority fined Volkswagen €1 million.