Privacy Transformation - Issue 178

PRIVACY

Analysis: New Hope for EU-US Data Transfer Mechanism Following White House Executive

Analysis: New Hope for EU-US Data Transfer Mechanism Following White House Executive

The White House has issued its Executive Order (“EO”) on Enhancing Safeguards for United States Signal Intelligence Activities, which provides additional due process protections to the use of surveillance mechanisms by U.S. intelligence agencies and creates a new 2-layer redress mechanism for affected individuals.

RELATED: The EU-US Data Privacy Framework: A new era for data transfers?

EC: Questions & Answers - EU-U.S. Data Privacy Framework

The redress mechanism in the Privacy Shield successor: On the independence and effective powers of the DPRC

The GDPR European Data Protection Seal Approved by the EU, a New Era for Privacy and Data Protection Compliance

The GDPR European Data Protection Seal Approved by the EU, a New Era for Privacy and Data Protection Compliance

The European Data Protection Board (EDPB) approved Europrivacy as European Data Protection Seal for certification under art. 42 (5) GDPR. Europrivacy enables companies to assess and formally certify their data processing compliance. Europrivacy certificates will be formally recognised in all E.U. Member States and will be taken into account by data protection supervisory authorities in case of litigation.

See Guidance Section for EDPB Opinion.

Analysis: Is Mere Worry Enough? “Non-Material Loss” claims for breach of data rights under the GDPR

Analysis: Is Mere Worry Enough? “Non-Material Loss” claims for breach of data rights under the GDPR

The GDPR brought with it the possibility of, for the first time in Ireland, individuals (or groups of individuals) being allowed by law to claim damages for “non-material loss” arising from breaches of their data rights. Two recent and much-publicised English decisions have already restricted the scope for claims of this kind in the UK to those where there is more than a de minimis level of pain and suffering. This week, an opinion of the Advocate General in one of the cases awaiting judgment before the CJEU, suggests that the CJEU may follow suit.

RELATED: Advocate General Opinion - UI v Österreichische Post AG

Demanding employees turn on their webcams is a human rights violation, Dutch Court rules

Demanding employees turn on their webcams is a human rights violation, Dutch Court rules

When Florida-based Chetu hired a telemarketer in the Netherlands, the company demanded the employee turn on his webcam. The employee wasn’t happy with being monitored “for 9 hours per day,” in a program that included screen-sharing and streaming his webcam. When he refused, he was fired.

The 7 Legislative Developments That Will Disrupt The Global Advertising Ecosystem

The 7 Legislative Developments That Will Disrupt The Global Advertising Ecosystem

From Brussels to New Delhi, these data privacy, protection and governance legislative changes are shaking up the advertising landscape. This story is part of The Drum’s Globalization Deep Dive.

RSA says GDPR limited the level of road crash data it could publish, as questions raised in Dáil

RSA says GDPR limited the level of road crash data it could publish, as questions raised in Dáil

The RSA says this is due to the fact that ‘the data must be treated as personal data in order to comply with GDPR demands’.

SECURITY & TECH

Insights: Privacy as Product

Insights: Privacy as Product

The way in which most businesses approach privacy issues is far from ideal and more often than not self-defeating. Compliance with data regulations has imposed itself as the central part of the work when privacy really is a product concern: as aspect you work on to make your product better and increase your revenue. How can we fix this?

Dutch scandal serves as a warning for Europe over risks of using algorithms

Dutch scandal serves as a warning for Europe over risks of using algorithms

The Dutch tax authority ruined thousands of lives after using an algorithm to spot suspected benefits fraud — and critics say there is little stopping it from happening again.

DATA BREACH

Former Uber security chief found guilty of concealing data breach

Former Uber security chief found guilty of concealing data breach

A San Francisco jury has found Uber’s former chief security officer, Joe Sullivan, guilty of criminal obstruction for failing to report a 2016 cybersecurity incident to authorities.

ENFORCEMENT

Italian SA fines US company offering diabetes app

Italian SA fines US company offering diabetes app

Notification of data breach to the Italian SA due to an employee’s sending – as part of an information campaign – email messages with the recipients’ addresses in the ‘Cc’ field rather than in the ‘Bcc’ one. This resulted into enabling every recipient to view the other recipients’ email addresses that in this case, also contained data disclosing health data.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

DPC: Data Subject Access Requests

DPC: Data Subject Access Requests

The Irish Data Protection Commission has issued updated guidance to aid in identifying the core practical issues of compliance of Data Controllers with data protection legislation in relation to access requests.

RESOURCES

EDPB: Opinion 28/2022 on the Europrivacy criteria of certification

Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR)

Questions & Answers: EU-U.S. Data Privacy Framework

Questions & Answers: EU-U.S. Data Privacy Framework

On 25 March 2022, President von der Leyen and President Biden announced that they had reached an agreement in principle on a new EU-U.S. Data Privacy Framework. The European Commission has published a Q&A sheet on the topic.

PrivacyTests.org: open-source tests of web browser privacy

PrivacyTests.org: open-source tests of web browser privacy

PrivacyTests.org subjects major web browsers to a suite of automated tests to find out: which web browsers offer the best privacy protections?

AEPD: GDPR Risk Assessment Tool

The AEPD have released a tool to aid in the assessment of risk of processing activities.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.