The Italian Data Protection Authority (Garante Privacy) has released its inspection plan for the 2nd half of 2022. The activity will be directed:
inspections related to:
processing of personal data within the framework of apps. and online services offered by the P.A.;
checks related to the proper application of the guidance in the Guidelines on cookies and other tracking tools;
transfer of data abroad on the basis of Google’s analytics in relation to the provisions of the June 9, 2022 order.
inspections of public and private entities;
completion of the inspection activities such as the acquisition of information from apps installed on smartphones, data processing related to the use of verification tools of the GreenPass, e.c.t. Read more here → (In Italian)
The French data protection authority (CNIL) released, on 28 September 2022, a checklist for personal data processing activities carried out for the purposes of creating health data warehouses for data controllers to support compliance with CNIL’s referential on the same adopted in October 2021. Access the checklist here → (In French)
Following its introduction earlier this year, the Interactive Advertising Bureau Technology Laboratory, Inc. (IAB Tech Lab) announced the Global Privacy Platform (GPP) completion on September 28th, 2022. Read the press release here →
2) Notable Case Law
Following an individual complaint, the Spanish data protection authority (AEPD) imposed a fine of €52,000 on Bayard Revistas S.A., which was later reduced to €31,200, for infringement of Articles 5(1)(f), 32, and 33 of the General Data Protection Regulation (GDPR). Read about the decision here → (In Spanish)
On September 28, 2022, the Information Commissioner’s Office (ICO) revealed that it had taken action against seven organizations for failing to reply to subject access requests. More can be found here →
3) New and Upcoming Legislation
On Friday, September 30, the Colorado Attorney General’s office published proposed Colorado Privacy Act (CPA) rules. The Office also announced that it would hold three stakeholder meetings on November 10, 15, and 17, 2022, and a public hearing on February 1, 2023. Access here →
Serious concerns against the Canadian Cybersecurity Bill have been raised by Civil Society groups. Activists highlighted how the bill’s current version “risks undermining our privacy rights, and the principles of accountable governance and judicial due process which are the fabric of Canadian democracy.” Reported here →
The Indian government shared with the Supreme Court information on the new data protection bill, which is currently being drafted and will be presented to the Parliament in the next working session. Read more here →
4) Strong Impact Tech
The AI Act enters the Metaverse Members of the European Parliament have proposed broadening the scope of AI Rules to include the Metaverse. The major legislators advocated broadening the scope of the AI Act to include Metaverse environments that meet certain criteria. The most recent updates also addressed risk management, data governance, and high-risk system documentation. Read more on our blog →
Other key information from the past weeks
The Philippines, Thailand, and Taiwan have endorsed the Joint Declaration on privacy and personal data protection. This Joint Declaration was issued by the European Union, Australia, Comoros, India, Japan, Mauritius, New Zealand, the Republic of Korea, Singapore, and Sri Lanka at the Forum for Cooperation in the Indo-Pacific held in Paris on 22 February 2022.
