The Global Privacy Platform (GPP) is now complete and available for the industry. Did you know that iubenda’s CEO, Andrea Giannangelo, was one of the main collaborators who worked on the GPP? Read about this here at iubenda →
President Joe Biden signed the Executive Order on October 7, 2022, in order to follow previous rulings of the European Court of Justice (CJEU) and put the European Union-U.S. Data Privacy Framework into effect. Read more here →
In the UK, the General Data Protection Regulation (GDPR), the EU’s data privacy law, will be replaced with a British system, cultural secretary Michele Donelan announced on Monday. Reported here →
The Spanish DPA started offering a risk assessment tool for data protection. The parameters offered in the tool are quite generic; thus, it is recommended to use only after great consideration. Access here →
The Irish Data Protection Commission (DPC) established guidelines on how to react to requests from people attempting to exercise their “right of access” in response to the significant volume of complaints and inquiries on the subject. Read the FAQ here →
2) Notable Case Law
The UK Data Protection Authority fined Easylife £1.35 million for creating 145,000 customer profiles using health information. Easylife also paid an additional fee for making 1345,732 calls for direct marketing between 2019 and 2020. According to the UK DPA, this illegal processing mostly affected elderly and ill individuals, making them a target group that needed to be given special consideration for protection because they couldn’t understand how their data was being processed. Read about this story on our blog →
3) New and Upcoming Legislation
The Digital Services Act was formally accepted by the EU Council and will go into effect 15 months after it is published. The Act outlines obligations for suppliers of services that act as mediators, including social media, sizable online platforms, and search engines. There will be restrictions on advertising, the use of sensitive data for targeted advertising, and the prohibition of recognized misleading interfaces and practices. Read the official press release here →
The “Data Access Agreement” between the UK and the US became effective on October 3, 2022. As part of the legal procedure for obtaining electronic data stored by a corporation headquartered in any nation, this will enable quicker access to data kept by service providers. Access here →
4) Strong Impact Tech
The agenda items for the next December meeting of the EU-US Trade and Technology Council have been revealed. The European Union (EU) intends to “move toward concrete results” on digital and trade issues, including artificial intelligence and online child protection, according to the Commission’s presentation to the Council of the European Union’s Working Party on Telecommunications and the Information Society. Read here →
The US administration released afact sheet on the steps taken to improve and protect US cybersecurity on October 11, 2022. The plan aims to:
strengthen federal government cybersecurity requirements;
implement cybersecurity standards for IoT devices; and
improve the cybersecurity of critical infrastructure and ensure that new infrastructure is smart and secure.
Other key information from the past weeks
The French data protection authority (CNIL) released, on 28 September 2022, a checklist for personal data processing activities carried out for the purposes of creating health data warehouses for data controllers to support compliance with CNIL’s referential on the same adopted in October 2021.
Following its introduction earlier this year, the Interactive Advertising Bureau Technology Laboratory, Inc. (IAB Tech Lab) announced the Global Privacy Platform (GPP) completion on September 28th, 2022.
On September 28, 2022, the Information Commissioner’s Office (ICO) revealed that it had taken action against seven organizations for failing to reply to subject access requests.