The UK Information Commissioner’s Office (ICO) has published drafted guidance on using privacy-enhancing technologies (PETs) in its publication on anonymization and pseudonymization. The ICO is seeking feedback to help refine and improve the final guidance. The consultation closes on 16 September 2022.
According to ICO, the purpose of the draft guidance is to help organizations to unlock the power of data by taking data protection by design approach to innovation. The draft PETs guidance explains the benefits and different types of PETs currently available and how they can help organizations comply with data protection law. Read here →
On 5 September 2022, the European Data Protection Board (EDPB) published an overview of resources made available by the Member States to Data Protection Supervisory Authorities (DPAs) in the European Economic Area. Access here →
The Data Protection Authority (ANPD) of Brazil has established a public consultation period on how the data of children and adolescents should be processed under the General Data Protection Law(LGPD). The issue is being debated because there is “a situation of legal uncertainty for treatment agents, due to the lack of definition about which legal hypotheses authorize” the processing of children’s data. Read more here → (in Portuguese)
2) Notable Case Law
The Irish Data Protection Commission (DPC) issued a press release regarding the €405 million fine for the Meta-owned social networking platform Instagram. The fine is the result of the platform violating the General Data Protection Regulation by publishing children’s email addresses and phone numbers. Reported here on our blog →
The Spanish data protection authority (AEPD) imposed a fine of €20,000 on Muxers Concept, S.L. for the processing of employees’ personal data without a legitimate legal basis in violation of Article 6 of the General Data Protection Regulation (GDPR). Read the decision here → (in Spanish)
The UK’s Information Commissioner’s Office (ICO) issued, on 2 September 2022, a monetary penalty to Halfords Limited for sending more than half a million unsolicited marketing emails in violation of the Privacy and Electronic Communications Regulations 2003 (PECR). The Authority reported here →
3) New and Upcoming Legislation
Euractiv reported that, in the draft of the “proposal for a Cyber Resilience Act” expected to be officially released this week, the EU Commission would mandate baseline cybersecurity standards for all connected devices and stricter conformity assessment procedures for critical products. Reported here →
The second reading of the UK Data Protection and Digital Information Bill [Bill 143 2022-23], scheduled on 5 September 2022, has been postponed following the announcement of Liz Truss as the UK’s new prime minister. Read more about this here →
Californians for Consumer Privacy (CCP) submitted an open letter to Nancy Pelosi, Speaker of the United States House of Representatives, criticizing the American Data Privacy and Protection Act (ADPPA) on September 6, 2022. Californians for Consumer Privacy noted that the ADPPA would pre-empt Californian data privacy legislation, which they believe as the strongest privacy legislation in the US. Access the letter here →
4) Strong Impact Tech
Joe Sullivan, Uber’s former security chief, goes on trial this week in what is believed to be the first instance of an executive facing criminal charges in connection with a data breach. Reported here on our blog →
According to Reuters, Samsung Electronics revealed a data breach that affected its US customers in July. The hack apparently occurred in July and affected certain customers’ personally identifiable information, but not their Social Security numbers or credit card information. More on this story here →
Other key information from the past weeks
On Monday, September 5, 2022, a number of cybersecurity experts tweeted about the alleged discovery of a server breach that gave access to TikTok’s storage.
The UK’s Information Commissioner’s Office (ICO) announced that the international data transfer agreement (the IDTA), which is often referred to as the UK standard contractual clauses, needs to be used for contracts entered into, on, or after 21 September 2022.
California has passed the new legislation, the California Age-Appropriate Design Code Act, that will mandate businesses like TikTok, Instagram, and YouTube to put safeguards in place for users under the age of 18.
