DPO Newsletter: Data Protection & Privacy News (issue #9)

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

The European Court of Human Rights (ECHR) has published a factsheet on case law and pending cases related to new technologies. Read the factsheet here →
The European Data Protection Supervisor (EDPS) released a case law digest for the cases handled by the European Court of Justice which relate to data transfers to third countries. Digest available here →
The Belgian Data Protection Authority has published its 2020 annual report. Available here → (in French)

The Norwegian Data Protection Authority issued a fine against a bank for failing to prepare a risk assessment before launching a new platform. In this case, some customers were able to access the contact information of other customers.
The Authority noted that the breach could have been avoided had a risk assessment been conducted and the appropriate technical measures been implemented. Particular emphasis was placed on the fact that the case concerned financial information. Read more about the decision here →
The Dutch Data Protection Authority has imposed a fine on a company processing the health data of sick employees. According to the decision, the company was found to have collected more information than legally admissible, and the sensitive data was insufficiently protected. More on decision here →

European Union – The digital COVID certificates have been adopted by the EU Parliament and should apply from July 1st, 2021 (for 12 months). Read the press release here →
European Union and the United States – Both parties have agreed to form a EU-U.S. Trade and Technology Council (TTC).
United States (Federal) – Several Federal Bills related to data privacy are before the Senate. One notably sets rules for transparency on social media platforms and another for SMEs to notify data breaches.
United States (Colorado) – The Colorado Privacy Act passed on June 8th, 2021. The Act notably sets a number of data subject rights, including the right to opt-out. Read the Act here →
China – The Data Security Law was passed, and will come into force in September 2021. The Law, for instance, stops companies from transferring or storing certain types of data abroad. Read an unofficial translation by Covington & Burling here →

Apple unveiled the iOS 15 (expected to come out this fall), which builds on the Apple App Tracking Transparency feature. The new update should put in place a privacy dashboard, which would, for example, show which apps have accessed a user’s personal data, and when. Trackers are also to be blocked from emails in Apple’s Mail app, and new privacy and security features are to be brought to the iCloud service.
In the context of a formal investigation of the United Kingdom’s Competition and Markets Authority (CMA) into Google, a list of commitments from the company were agreed to.
Huawei opened a Global Cyber Security and Privacy Protection Transparency Center in China.

The modernised standard contractual clauses (SCCs) for the transfer of personal data to third countries were published by the European Commission (EC).
The UK’s Data Protection Authority (the ICO) opened a public consultation on its draft guidance on anonymisation, pseudonymisation, and privacy-enhancing technologies.

📬 Want more news like this delivered to your inbox? Join the list @ dponewsletter.com

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.