The EDPB issued guidance on how to use certification as a tool for transfers in practice. In the absence of an adequacy agreement, Art. 46(2)(f) GDPR adds recognized certification mechanisms as a new tool for transferring personal data to foreign countries. The guidelines are a complement to the certification guidelines 1/2018, which provide more general certification information. The public will be able to comment on the guidelines until the end of September. The official text of the guidelines shall be released soon. Read the press release here →
Following a public consultation, the UK has released details of its proposed Data Reform Bill, which will alter the privacy framework in the UK’s post-Brexit version of the GDPR. The revisions include, among other things, a revamp of the national DPA (ICO) and a restriction on the number of rules that can be applied to cookies, DPO meetings, and the need to conduct DPIAs. Read more about this on our site here →
2) Notable Case Law
The Italian DPA (Garante Privacy) fined a corporation €20.000 for transmitting contact data for telephone advertising without valid consent and for failing to inform users. Read about the decision here → (in Italian)
3) New and Upcoming Legislation
According to Euractiv, the European Parliament has rejected the European Union Council’s most recent consolidated text for the proposed Digital Services Act. The rules and phrasing on content monitoring are driving the current conflict between the two sides after the Parliament and Council reached a provisional agreement on the DSA in April. Each chamber might adopt its own proposal and reconcile differences later, or the council’s French presidency could hand over negotiations to the Czech Republic’s incoming leadership on July 1. Reported here →
Maine Governor Paul LePage signed House Paper (‘HP’) 669, establishing the ‘Maine Data Collection Protection Act.’ Access the act here →
4) Strong Impact Tech
Total Cookie Protection is now the default for all Firefox users. While the ad tech sector strives to operate in a less cookie-filled environment, browsers like Mozilla Firefox are seizing the opportunity to broaden their user base with features like Total Cookie Protection” (TCP). Read more on this here →
The German Federal Antitrust Office has opened an investigation into Apple’s tracking regulations and transparency framework, suspecting the company of giving preferential treatment to its own products. This is the authority’s second antitrust investigation into Apple, following the adoption of a new German antitrust law. The bureau just decided to assess a possible dominant market position of the American corporation last June. Reported here →
Other key information from the past weeks
The European Data Protection Supervisor met with 70 data protection officers from the EU’s network of institutions for their 50th meeting. The meetings, according to EDPS Director Leonardo Cervera Navas, help the DPO network comply with data protection laws and collaborate better.
