DPO Newsletter: Data Protection & Privacy News (issue #13)

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

• The Italian Data Protection Authority (Garante) has issued the final Cookie guidelines. The Portuguese Authority has also announced that it would issue Cookie Guidelines this year. Read the Italian guidelines here → (in Italian) | Tweet this
• The European Data Protection Board has adopted Guidelines on Codes of Conduct, on Virtual Voice Assistants and on the concepts of Controllers & Processor. Read the adopted guidelines here → | Tweet this
• The Garante and the UK’s Information Commissioner’s Office (ICO) have published their annual reports. Find the ICO’s report here → and the Garante’s report here → (in Italian) | Tweet this
• The German Data Protection Authority for Sachsen- Anhalt has published guidelines on remote working. Read here → (in German) | Tweet this

2) Notable Case Law

• The Spanish Data Protection Authority has imposed a fine against a company as it did not comply its information obligations for the fair and transparent processing of personal data. For instance the Privacy Policy did not refer the applicable Data Protection legislation. Read the case here → (in Spanish) | Tweet this
• The Finnish Data Protection Authority has issued a fine against a company following a number of complaints. Indeed, the company had conducted direct marketing with automated calls without previous consent. The company had also used a subcontractor without concluding a processing agreement. Read the press release here → (in Finnish) | Tweet this
• The German Data Protection Authority for Hamburg has issued a press release after the audit by several German Authorities of 49 websites which request consent for the processing of their visitor’s personal data. The audit for instance assessed the level of complexity for rejecting cookies or the accuracy of the information in the cookie banners. Read the post here → (in German) | Tweet this

3) New and Upcoming Legislation

• United States (Federal) – An executive order was made, notably pushing for further implementation of rules surrounding surveillance and the accumulation of data. Tweet this
• United States (Colorado) – Colorado became the third US State to have comprehensive privacy legislation. The Colorado Privacy Act was passed into Law and is to come into effect by the 1st of July 2023. It for instance grants a right to opt-out, to access, to correct and to delete personal data. It also prohibits dark patterns. Tweet this
• United States (New York) – The Biometric Data Protection Law has entered into force on July 9th 2021, requiring certain organisations to post formal notices if they collect biometric data. Tweet this
• New Zealand – The Government has established the legal framework for a new consumer data right, to allow consumers to securely share data that is held about them with trusted third parties, using standardised data formats and interfaces. Tweet this
• Italy – The Convention 108+ was ratified by Italy, now the 12th country to do so. Tweet this

4) Strong Impact Tech

• Peru has opened a new platform for the National Register of Data Protection. Cross-border transfers must for instance be notified to the National Register. Tweet this

Other Key information from the past weeks

• The Italian Data Protection Authority (Garante) made a decision to fine a company €2.6 million for a lack of transparency and accuracy in their use of algorithms to manage employees.
• The European Data Protection Board has published a leaflet about the One-stop-shop for data protection enforcement across EU borders.

About us

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com