The French Data Protection Authority (the CNIL) has posted an article on alternatives to third-party tracking. Read it here →
The European Data Protection Board (EDPB) issued a statement on the Digital Services Package and Data Strategy. Read the statement here →
The ICO has issued standards for developing new tracking technologies and called on Google and other companies to offer advertising without tracking, profiling, or targeting. Read the standards here →
The Italian Data Protection Authority (the Garante) published documentation on safely selecting and storing passwords. Access it here → (in Italian)
The Irish Data Protection Authority (the DPC) has intervened in the compliance schemes of over a hundred Irish public bodies with regards to their appointment, or lack of appointment, of Data Protection Officers. The DPC has issued a press release here →
2) Notable Case Law
The Greek Data Protection Authority has issued a €20,000 fine against a company, for infringing Article 6 GDPR and notably making unsolicited marketing phone calls to data subjects. The Authority took into account the duration of the infringement and the company’s lack of cooperation. Read the case here → (in Greek)
The Italian Competition Authority has fined Google and Apple 10 million euros, after finding that the companies lacked transparency and had aggressive acquisition practices related to the use of the consumer’s data. The Authority has also found that neither company shared information with the user about the commercial purposes of their collection and storage of data. Read the Authority’s press release here → (in Italian)
In Case C-102/20, the Court of Justice of the European Union decided that certain adverts inside mailboxes could be considered as unsolicited commercial communications (in other words, spam). It was notably argued that because the adverts were displayed in-between the subject lines of received emails, they themselves appeared as electronic mails to the average user. The press release is available here →
3) New and Upcoming Legislation
European Union – The Digital Market Act was adopted by the EU Parliament and negotiations with the Council are starting in the first semester of 2022. Read the Parliament’s press release here →
European Union – The Digital Services Act is awaiting committee approval in Parliament. It notably aims to set clear due-diligence obligations for online services. Track the progress of the DSA in Parliament →
4) Strong Impact Tech
WhatsApp has revised its Privacy Notice, following the Irish Data Protection’s fine last August. Although WhatsApp is challenging the decision before the Irish High Court, it adapted its policy in the EU. WhatsApp has made a statement about the change →
Other key information from the past weeks
The Spanish Data Protection Authority has issued a 2.000€ fine against a company for failing to provide information about the personal data they processed.
The European Data Protection Board has opened a consultation on the draft Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR, setting a list of criteria to define data transfers.
In March 2022, the Office of the Privacy Commissioner of Canada is to launch a consultation linked to a federal privacy law reform, in accordance with Bill to reform Canada’s federal private sector privacy law (Bill C-11).
