The Office of the Australian Information Commissioner issued five new privacy principles to encourage consistency in measures taken to address ongoing risks related to Covid-19. The principles include data minimisation and security. Read about the principles here →
The French Data Protection Authority has issued a statement about saving credit card information, referring to the EDPB’s Recommendations 02/2021 from May, 19th 2021. The statement mentions e-commerce businesses and the option to use a check-box to obtain consent. More on the statement here →
The Data Protection Authority for Bermuda has published a Guidance note on the role of the Data Protection Officer. Access the guidance here →
2) Notable Case Law
The Spanish Data Protection Authority has fined a company €6,000 for a lack of transparency in their privacy notice and in their cookie policy. The decision, for instance, stated that the privacy policy did not specify the legal basis for the processing of personal data or the storage period. View the decision here →
The Russian authorities have fined Facebook, Twitter and WhatsApp a total of 36 million rubles for allegedly violating data localization rules. Russian legislation requests that personal data from Russian data subjects be stored in databases on Russian territory and that the storage should be recorded. Read the press release here →
The Irish Data Protection Authority has fined WhatsApp €225 million, as a result of an investigation that started in 2018. It was notably found that data subjects were insufficiently informed of the data exchanges between Facebook and WhatsApp. A spokesperson from WhatsApp stated that they would appeal the decision.
3) New and Upcoming Legislation
Switzerland – The Swiss Authorities have approved the EU Standard Contractual Clauses (SCCs). However, the Swiss Data Protection Authority must still be notified of certain transfers and a number of conditions were specified. Read the Swiss conditions to use EU SCCs here →
Germany – Exemptions to the GDPR might be sought in the coming months to allow companies to inquire about their employee’s vaccine status. Reuters reported →
4) Strong Impact Tech
Apple has announced it would postpone its child protection features, which had been announced on the 5th of August, 2021. A post by Apple stated: “Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”
Other key information from the past weeks
The UK government has issued a press release stating that it intends to launch data partnerships with the US, Australia and the Republic of Korea, as well as new adequacy agreements.
The Californian Attorney General has issued a Bulletin advising on reducing vulnerabilities to ransomware attacks and giving Requirements regarding Health Data Breach Reporting.
