The French Data Protection Authority (the CNIL) has posted an article on multi-factor authentication. Read here → (in French)
The Israeli Data Protection Authority (the PPL) has issued recommendations on wearable devices and fitness apps. Read the recommendations here →
The SpanishData Protection Authority has published a blog post on encryption keys and how they could be considered personal data. Access it here → (in Spanish)
2) Notable Case Law
The Spanish Data Protection Authority has issued a fine against a company for failing to provide sufficient information. Read the decision here → (in Spanish)
The Italian Data Protection Authority has issued a €2,000,00 fine against a company for failing to comply with its obligation to provide clear and transparent information about data processing to the data subject. In this case, the company used video surveillance cameras without providing the necessary information under article 13 of the GDPR. Read the case here → (in Italian)
3) New and Upcoming Legislation
European Union – A provisional agreement on the Data Governance Act (DGA) was adopted by the EU Parliament and the Council of the European Union. The DGA aims to set a legal and technical framework to facilitate the re-use of certain data processed by public authorities. The Agreement is subject to the Council’s approval and will be presented to the Council’s Permanent Representatives Committee (Coreper) for endorsement. Read the Council’s summary here →
European Union – An Advocate General of the Court of Justice of the European Union published an opinion in favour of consumer organisations bringing representative actions, related to infringement to data protection rules. Read the opinion here →
European Union – The Council of the European Union has agreed on a position on the NIS 2 Directive. Read about the Directive here →
United Kingdom – The UK government has made a proposal for a Bill on Product Security and Telecommunications Infrastructure. The Bill aims to bring stronger protections to connected products. Read the about proposal here →
4) Strong Impact Tech
PWC led a survey on Canadian Digital Trust Insights in 2022, which found that over 50% of Canadian organisations predicted an increase in cybersecurity funding. The survey was centered around four main questions, notably the role of the CEO, the complexity of the organisation’s structure, the most important risks for today and tomorrow, and the risk posed by third parties and the supply chain. Read here →
Twitter has expanded its Privacy Information Policy to forbid publishing other people’s media which is considered private information, such as photos or videos. Read Twitter’s summary here →
Other key information from the past weeks
In Case C-102/20, the Court of Justice of the European Union decided that certain adverts inside mailboxes could be considered as unsolicited commercial communications (in other words, spam). It was notably argued that because the adverts were displayed in-between the subject lines of received emails, they themselves appeared as electronic mails to the average user.
The Greek Data Protection Authority has issued a €20,000 fine against a company, for infringing Article 6 GDPR and notably making unsolicited marketing phone calls to data subjects. The Authority took into account the duration of the infringement and the company’s lack of cooperation.