The Irish Data Protection Authority has issued guidance on having a Child-Oriented Approach to Data Processing. Read the details here →
The United Kingdom’s Information Commissioner’s Office (ICO)has opened a consultation on how it uses its powers to investigate, regulate and enforce. Access the consultation here →
The UK Geospatial Commission published a report on public attitudes to data location. The report will inform a government Guidance on the ethical use of location data. View the report here →
The Office of the Privacy Commissioner of New Zealand has published guidance on Sensitive Information. Read here it →
2) Notable Case Law
The Norwegian Data Protection Authority (the Datatilsynet) has issued a fine to a dating-app company after finding that the company shared personal data with advertising partners without valid consent. Indeed, the Authority went through all the conditions for obtaining consent under the GDPR, which it underlined were cumulative. The Datatilsynet found that the requirements for consent being “freely given”, “specific”, “informed”, “unambiguous”, and “as easy to withdraw as to give consent” were not fulfilled. The decision is available in English →
The Finnish Data Protection Authority fined a psychotherapy centre for failing to secure personal data processed. In this case, the company’s patient files had been copied by hackers who then threatened the centre. The centre had then failed to notify the affected data subjects or the Data Protection Officer. Read the decision here (in Finnish) →
The Spanish Data Protection Authority (the AEPD), issued a fine against an organization for sharing personal data and health data without obtaining valid consent. Read the decision here (in Spanish) →
3) New and Upcoming Legislation
European Union – The Digital Markets Act was approved by Parliament and is now to be negotiated with the Council. The Act notably aims to regulate big online platforms and sets boundaries to micro-targeted and target ads.
Australia – The government has launched an Online Safety Youth Advisory Council to work on approaches to regulating online platforms and online safety issues.
4) Strong Impact Tech
The European Data Protection Supervisor issued a TechSonar Report, to anticipate rising technologies and monitor their potential impact on data protection. The five technologies it chose to monitor were synthetic data, smart vaccination certificates, the central bank digital currency, just walk out (JWO), continuous biometric authentication, and digital therapeutics.
Other key information from the past weeks
The United Kingdom and the United States – The UK and the US have issued a joint statement on their commitment to allow data exchanges between both countries.
The ICO has issued a 50,000 GBP fine to Virgin Media after deciding that it had deliberately sent direct marketing emails without valid consent.
The French Data Protection Authority (the CNIL) has updated its GDPR guidance for developers.
