The Slovenian DPA has prepared an infographic on how to conduct an impact assessment. The infographic, in particular, includes a checklist with the most typical gaps, which can be used to verify the impact assessment’s accuracy and avoid common mistakes. Access the infographic here → (in Slovenian)
The US Consumer Financial Protection Bureau announced an interpretive rule for the advertising targeting practices of digital marketing providers in the financial sector. The law identifies which “material services” carried out by digital marketers require compliance measures and sets out the scope of its provisions. Read more here →
2) Notable Case Law
Google has been ordered to pay a fine of AUD 60 million to the Australian Competition and Consumer Commission for misleading consumers. Google was found guilty of processing location data from the Android devices of users without their knowledge, as such data was collected during web activity even when the user switched off the location history. Read about this on our blog →
The French DPA issued a €60 million preliminary warning of a fine against the advertising technology company “Criteo” for violations of the GDPR rules regulating processing practices through targeted advertising and user profiling. Follow this story on our blog →
3) New and Upcoming Legislation
On 9 August 2022, the European Data Protection Supervisor recommended that the Council of the European Union enter into further negotiations with Japan to find an agreement on cross-border data flows. Despite Japan already having an adequacy determination for 2019, the EDPS recommended that the negotiating directives make it clear that the rules shouldn’t prevent the EU or the Member States from adopting measures requiring controllers or processors to keep personal data in the EU/EEA. Access the opinion here →
The Brazilian Data Protection Authority announced a public consultation with a deadline for comments of 31 August 2022 that will be instrumental in preparing the Regulatory Agenda for 2023-2024. In particular, the Authority stated that it is seeking contributions to identify topics that may be relevant for further study and insight into personal data protection regulation. In addition, the consultation also aims to provide further publicity and efficiency to the enforcement processes of the ANPD. Read the official decision here → (in Portuguese)
4) Strong Impact Tech
The Nigerian National Information Technology Development Agency (NITDA) has issued a public call for input into developing the country’s first National Policy on Artificial Intelligence. Individuals or organizations can sign up to provide stakeholder input. In light of this, the NITDA will create a framework for the planning, research, development, standardization, implementation, coordination, monitoring, evaluation and regulation of practices and activities involving information systems in Nigeria. Access the submission form here →
New Zealand’s Office of the Privacy Commissioner has released a public consultation on the country’s compliant use of biometric technology. The Authority aims to ensure that organizations have appropriate guidelines to enable the development and processing of biometric data in a controlled manner while protecting citizens’ privacy. The public consultation period will last until 30 September. Read the public consultation here →
Other key information from the past weeks
The Brazilian National Data Protection Authority is examining ways to re-regulate international data transfers, moving away from the present GDPR-inspired restrictions.
The French Data Privacy Authority has developed tools to assist professional sports organizations in complying with data protection laws.
The Danish DPA (Datatilsynet) has begun a series of public and private sector cloud usage inspections.