Podcast | DPO Update: DPIAs, Schrems 2, e-privacy, CCPA & CPRA, mobile phone extraction by police, Smart TVs investigated and latest fines
Judit Garrido-Fontova and Alex Dittel give an update on recent developments in privacy law as part of Kemp Little’s KLick DPO service, including:
- Data protection impact assessment materials including EDPS’ report on EU institutions’ use of DPIAs (link), EDPS infographic (link) and video (link) and CNIL’s DPIA guidance for IOT devices (link).
- The Spanish AEPD explains misconceptions about biometric data (link).
- The latest on the e-privacy draft including progress report (link) and proposal (link).
- Smart-TV sector investigation by the German federal competition authority (link).
- EDPS data protection flowchart and joint controller status (link).
- California’s California Consumer Privacy Act enforced since 1 July 2020 (link), the third amendment to the CCPA released on 1 June 2020 (link), impact of adtech “service providers” and the brand new California Privacy Rights and Enforcement Act 2020 proposal (CPRA) (link).
- French administrative court Le Conseil d’État strikes prohibition on cookie walls from CNIL’s cookie guidance (link).
- Data transfers: Privacy Shield invalided by the ECJ “again” (link). UK’s adequacy update and readiness at the end of the transition period (link). FTC settlement focuses on those other Privacy Shield Framework requirements (link).
- EDPS strategy 2020-2024 (link).
- Mobile phone data extraction by police forces in England and Wales, investigation report (link).
- European Union Agency for Fundamental Rights (FRA) and EDPS are increasing cooperation (link).
- South Africa’s Protection of Personal Information Act 4 of 2013 (POPI) in force since 1 July 2020 (link).
- Online platforms and digital advertising market study by UK’s competition authority (link).
- Covid-19 related: Irish COVID tracker app DPIA (link) and privacy notice (link). National Association of Attorneys General in the US send a letter to Apple and Google (link). New Zeeland leak (link). ICO on visitor details (link).
- Credit referencing agency Stichting Bureau Krediet Registration fined €830,000 by Dutch Autoriteit Persoonsgegevens for charging a fee for access to credit records (link).
- Fines for breach of the security principle: The Spanish AEPD fined Iberdrola Clientes €24,000 for breach of the security principle (link). Norwegian Datatilsynet proposes a fine of approx. €111,680 Hospital Østfold for breach of the security principle. The highest GDPR fine in Hungary of €285,000 imposed on Digi Távközlési Szolgáltató Kft. for failing to secure a website security vulnerability (link).
- EDPS opinion on the European strategy for data of European institutions (link).
- Activity reports from the CNIL (link), the Irish DPC (link) and the EDPB (link).
Also available on Cybersecurity Conferences.
Share this blog
Alex Dittel is a data protection & privacy senior associate
Share this Blog
- Adtech & martech
- Artificial intelligence
- EBA outsourcing
- Cloud computing
- Complex & sensitive investigations
- Cryptocurrencies & blockchain
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- KLick DPO
- KLick Trade Mark
- Open banking
- Software & services