Privacy Transformation - Issue 74

PRIVACY

Data Protection Commission to receive €2 million extra funding

Data Protection Commission to receive €2 million extra funding

The Data Protection Commissioner is getting more than €2 million extra next year, reflecting a 13%  increase, giving the data protection watchdog a tenfold increase in funding since 2014.

Explainer: Irish websites had six months to fully comply with cookie regulations. What happens now?

Six months ago, the Data Protection Commission (DPC) gave websites a deadline of 5 October to get their cookies policy up to scratch with the relevant laws and regulations in Ireland.

EU data transfer worth £85bn a year to the UK is at risk due to the ICO's dismal record

EU data transfer worth £85bn a year to the UK is at risk due to the ICO's dismal record

This letter from the Irish Council for Civil Liberties to the European Commission alerts the Comission that frictionless UK-EU data transfer ater Brexit may not be possible due to their assessment that the ICO is not an effective independent supervisory authority capable of enforcing compliance with data protection law.

Opinion: The Observer view on the information commissioner's Cambridge Analytica investigation

Opinion: The Observer view on the information commissioner's Cambridge Analytica investigation

The 2018 Observer investigation into a hitherto obscure political consultancy sparked the most serious crisis yet to disrupt the world’s secretive social media giants and shed terrifying light on how their collection of our data reshaped political campaigning.

SCHREMS II

Privacy activist Max Schrems challenges DPC probe of Facebook EU-US data transfers

Privacy activist Max Schrems challenges DPC probe of Facebook EU-US data transfers

Privacy and data rights activist Max Schrems has brought a High Court challenge aimed at halting the Data Protection Commissioner’s probe into Facebook Ireland’s transfer of data to its US-based parent.

Opinion: Schrems II and Individual Redress—Where There’s a Will, There’s a Way

Opinion: Schrems II and Individual Redress—Where There’s a Will, There’s a Way

What changes can the U.S. make to satisfy Schrems II’s requirements?

Irish High Court allows Judicial Review to stop Facebook EU-US transfers

Irish High Court allows Judicial Review to stop Facebook EU-US transfers

The Irish High Court allowed a “Judicial Review” against the Irish DPC today. The legal action by noyb aims to swiftly implement the European Court of Justice Decision on Facebook's EU-US transfers.

DPC Reply to Representation Received From Senator Malcolm Byrne RE: Costs of Schrems II Case

DPC Reply to Representation Received From Senator Malcolm Byrne RE: Costs of Schrems II Case

DPC reply to representation received from Senator Malcolm Byrne on 7 October 2020 regarding the reasons as to why the DPC is not covering the costs of the Schrems II case.

ENFORCEMENT

Norwegian Data Protection Authority: Decision to Fine Bergen Municipality

Norwegian Data Protection Authority: Decision to Fine Bergen Municipality

The Norwegian Data Protection Authority has given Bergen municipality a final decision on an administrative fine of approximately EUR 276,000. Personal information in the communication system between school and home was not secure enough

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/67

Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/67

The European Data Protection Board welcomes comments on the Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679.

Guidelines 9/2020 on relevant and reasoned objection available here.

RESOURCES

EDPS: IPEN 2020 Contact Tracing Apps webinar - European Data Protection Supervisor

EDPS: IPEN 2020 Contact Tracing Apps webinar - European Data Protection Supervisor

The worldwide character of the pandemic and the public debate on the suitability of certain technological measures have boosted what can maybe be considered as the first privacy engineering exercise at a global, public scale. In the webinar we want to listen to developers' and regulators' relevant stories and foster the debate for possible lessons learned with a focus on data protection by design and by default practices.