The Danish Data Protection Authority has updated its Guidance on Consent. Access the Guidance here → (in Danish)
An updated version of the Academic Commentary on the GDPR was published (edited by Christopher Kuner, Lee A. Bygrave, Christopher Docksey, and Assistant Editors Laura Drechsler and Luca Tosoni). Full commentary is available here →
2) Notable Case Law
The Spanish Data Protection Authority (the AEPD) has issued a decision on scraping from public sources. The company Equifax Ibérica, SL was fined €1,000,000 for preparing credit reports based on personal information that had been published by tax authorities, without informing the data subjects, or asking for their consent. Read the decision here → (in Spanish)
The AEPD has also issued a decision regarding Access requests. According to the decision, a data subject, having made an Access request, should be informed of which third parties their data has been transferred to – even if the controller does not store any data itself. More on the decision here → (in Spanish)
The Norwegian Data Protection Authority has announced its initial decision to fine a company transferring personal data to China without a proper legal basis, a processing agreement, or risk assessment in place. The company can now bring forwards its counter-arguments to the decision. Full details here → (in Norwegian)
Thailand postponed the date of enforcement for the Personal Data Protection Act to May 31st, 2022.
4) Strong Impact Tech
Microsoft has announced that it will allow companies to store and process all their data in the EU by the end of 2022.
Google Play is introducing a “safety section”, requiring app developers to visibly indicate what data their app collects and stores, as well as how it is processed.