The International Association of Privacy Professionals (IAPP) published a report on the implications of U.S. President Biden’s executive order to implement the EU-U.S. Data Privacy Framework from its conference on the matter which took place in Austin, Texas. Read here →
The Belgian Data Protection Authority (DPA) informed the Interactive Advertising Bureau Europe (IAB Europe) of its intention to proceed with the examination of the action plan submitted by the latter in April with a view to its possible validation, as reported in a press release by IAB Europe. Access here →
The Advocate General of the Court of Justice of the European Union (CJEU) issued a non-binding opinion, concerning a reference for a preliminary ruling from the Supreme Court of Austria on the rules on civil liability laid down by the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). Reported here →
Here follows the latest activities of the European Data Protection Board (EDPB):
The EDPB urged the European Commission to harmonize procedural aspects to promote “strong and swift enforcement” of the EU General Data Protection Regulation. Regulators have sent the European Commission a “wish list” of procedures including “investigative powers of data protection authorities” and “procedural deadlines.” This “wish list” is one of the key actions enunciated in the EDPB’s Vienna Declaration on Cooperation.
The report “Cross-Border Data Flows: Taking Stock of Key Policies and Initiatives” was released by the Organization for Economic Co-operation and Development (OECD). Access the report here →
2) Notable Case Law
In response to a complaint made, the Italian DPA (Garante Privacy) fined Intesa Sanpaolo Vita S.p.A. €20,000 for violating Articles 5(1)(a) and 5(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). Read about the decision here → (In Italian)
Following notifications to the Technological Innovation Division of AEPD, the Spanish DPA (AEPD) fined Everis Spain S.L.U. €80,000, which was later reduced to €64,000, for violating Articles 5(1)(f) and 32 of the General Data Protection Regulation (Regulation (EU) 2016679) (the “GDPR”). The Authority’s summary can be found here → (in Spanish)
The ultra-fast fashion e-commerce platform Shein has been fined $1.9 million by the attorney general of the state of New York for a data breach, according to a notice from the state’s Attorney General office. Read about this on our blog here →
Nearly 50 proposed class-action lawsuits against dozens of companies since February have been filed by US consumers. The lawsuits claim Meta Platforms’ Pixel video tracking tool shared video consumption data without consent, Bloomberg Law reports →
3) New and Upcoming Legislation
The Digital Markets Act (DMA) was published in the Official Journal of the European Union. In particular, the DMA will enter into force on the 20th day following its publication in the Official Journal, namely on 1 November 2022, and will generally apply to companies from 2 May 2023 with the exceptions of specific provisions. The research and insights team at IAPP offers privacy experts a summary of the DMA that covers the law’s goals, geographical and material reach, important requirements, enforcement, and control structure. Access the official text →
The EU lawmaker leading on the cloud-related provisions of the Data Act wants to remove the obligation that cloud providers must ensure an equivalent level of service when a client changes provider. Reported here →
4) Strong Impact Tech
An updated compendium of strategies for enhancing competition in digital marketplaces was published by the G-7. The document includes “a high-level overview of current developments” in areas such as “draft reforms and legislative and regulatory proposals,” and it reflects “the latest developments in the area of competition enforcement and policy in digital markets.” Access here →
The challenging task of establishing the Commission’s negotiating mandate for the AI Act falls under the purview of the Czech Presidency of the EU Council. How far the EU executive can push the negotiations, though, is still an open question. Reported here →
Other key information from the past weeks
The Global Privacy Platform (GPP) is now complete and available for the industry. Did you know that iubenda’s CEO, Andrea Giannangelo, was one of the main collaborators who worked on the GPP?
President Joe Biden signed the Executive Order on October 7, 2022, in order to follow previous rulings of the European Court of Justice (CJEU) and put the European Union-U.S. Data Privacy Framework into effect.
The US administration released a fact sheet on the steps taken to improve and protect US cybersecurity on October 11, 2022.