The Italian DPA (Garante Privacy) has begun work on a code of conduct to govern telemarketing operations and prevent the incidence of unwanted advertising calls. Read here → (in Italian)
The Brazilian DPA (ANPD) issued an updated version of its “Guidance for Personal Data Processing Agents and Data Protection Officers,” which was first published on May 28, 2021. The ANPD stated that the latest guideline is required in order to:
clarify some concepts under the LGPD and previous guidance;
include practical examples and explanations on who can perform the roles of the data controller, data processor, and DPO, as well as their responsibilities;
provide clarifications on the DPO’s attributions and discuss the lack of necessity to register the DPO’s identity before the ANPD;
give updates in response to Resolution CD/ANPD No. 2 of 27 January 2022 for a Regulation on the application of the LGPD to small processing agents; and
present notions found in more complicated chains, such as the sub-operator, to show how they might be applied. Access the updated guidelines here → (in Portuguese)
2) Notable Case Law
The French Data Protection Authority (CNIL) penalized Dedalus Biologie1.5 million eurosfor a violation of health data. The massive data breach affected nearly 500,000 people, including their personal information and above all, their medical information (HIV, cancers, genetic diseases, pregnancies, drug therapy of patients, or genetic data) of these people. Read about the decision here →
Norwegian DPA (Datatilsynet) published its decision on 5 May 2022 after receiving a data breach notification. The DPA has ordered a fine of NOK 500,000 (approx. €50,140) to Lillestrøm municipality, which was later reduced to NOK 300,000 (approx. €30,030), for failure to implement adequate confidentiality measures in violation of Article 32(1)(b) of the GDPR. The Authority’s summary can be found here → (in Norwegian)
3) New and Upcoming Legislation
The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued a Joint Opinion on the Data Act Proposal, outlining a number of problems in the wording of the Proposal.
They emphasize, that the proposal would apply to a wide range of products and services meaning that “information about individuals could become the object of data sharing and use according to the rules established in the Proposal”. Access the opinion here →
4) Strong Impact Tech
The first developer preview of Android Privacy Sandbox. Android has received feedback on its first design concepts from developers across the ecosystem since the announcement.
We recently announced the Privacy Sandbox on Android to enable new advertising solutions that improve user privacy and provide developers and businesses with the tools to succeed on mobile.
According to the Android Developers Blog, this feedback is vital to ensuring that the design solutions work for everyone, and they are encouraging people to keep sharing feedback via the Android developer site. Read more on how to get involved here →
Other key information from the past weeks
The United States Supreme Court is in the spotlight this week after Politico reported on a leaked early version majority opinion by Justice Samuel Alito on the 1973 Roe v. Wade ruling.
