News of the week 25
We thought we would report on our digital notebook the week’s news (we indicate it by its number) posted in our Privacy Community in the Fediverse.
We post the global data protection and privacy news on the Privacy Community that we find most interesting.
If this content is of interest, we invite you to register to our Privacy Community. It’s free!
We’ll be waiting for you!
24 Jun 2022 at 11:47:19 - submitted by nicfab
The European Commission has described as “unfounded” claims that it does not collect sufficient information to monitor the implementation of data protection rules in Ireland.
It has also called on data authorities to ramp up and amplify their enforcement actions in the coming months and years.
The Commission has issued a reply to the office of the EU Ombudsman after it opened an inquiry into the monitoring of Ireland’s application of the General Data Protection Regulation (GDPR).
23 Jun 2022 at 14:09:15 - submitted by nicfab
Another strike against use of Google Analytics in Europe: The Italian data protection authority has found a local web publisher’s use of the popular analytics tool to be non-compliant with EU data protection rules owing to user data being transferred to the U.S. — a country that lacks an equivalent legal framework to protect the info from being accessed by US spooks.
23 Jun 2022 at 14:07:32 - submitted by nicfab
A website using Google Analytics (GA) without the safeguards set out in the EU GDPR violates data protection law because it transfers users’ data to the USA, which is a country without an adequate level of data protection.
The Italian SA came to this conclusion after a complex fact-finding exercise it had started in close coordination with other EU data protection authorities following complaints it had received. The Italian SA found that the website operators using GA collected, via cookies, information on user interactions with the respective websites, visited pages and services on offer. The multifarious set of data collected in this connection included the user device IP address along with information on browser, operating system, screen resolution, selected language, date and time of page viewing. This information was found to be transferred to the USA. In determining that the processing was unlawful, the Italian SA reiterated that an IP address is a personal data and would not be anonymised even if it were truncated – given Google’s capabilities to enrich such data through additional information it holds.
Google: Garante privacy stop all’uso degli Analytics. Dati trasferiti negli Usa senza adeguate garanzie
23 Jun 2022 at 14:05:41 - submitted by nicfab
Il sito web che utilizza il servizio Google Analytics (GA), senza le garanzie previste dal Regolamento Ue, viola la normativa sulla protezione dei dati perché trasferisce negli Stati Uniti, Paese privo di un adeguato livello di protezione, i dati degli utenti.
New report on limits of “consent” in New Zealand’s data protection law
23 Jun 2022 at 14:03:14 - submitted by nicfab
Today, the Future of Privacy Forum (FPF) and Asian Business Law Institute (ABLI), as part of their ongoing joint research project: “From Consent-Centric Data Protection Frameworks to Responsible Data Practices and Privacy Accountability in Asia Pacific,” are publishing the fourth in a series of detailed jurisdiction reports on the status of “consent” and alternatives to consent as lawful bases for processing personal data in Asia Pacific (APAC).
This report provides a detailed overview of relevant laws and regulations in New Zealand, including:
notice and consent requirements for processing personal data in New Zealand’s data protection law; the status of alternative legal bases for processing personal data which permit processing of personal data without consent if the data controller undertakes a risk impact assessment (e.g., legitimate interests); and statutory bases for processing personal data without consent and exceptions or derogations from consent requirements in-laws and regulations. The findings of this report and others in the series will inform a forthcoming comparative review paper which will make detailed recommendations for legal convergence in APAC.
Data collectors to require data protection certificate
22 Jun 2022 at 14:11:35 - submitted by nicfab
ICT Cabinet Secretary Joe Mucheru says the government has engaged experts who will help targeted companies comply and understand the country’s data protection laws.
In March this year, Parliament approved a set of data regulations, aimed at safeguarding personal data in the country.
The policies passed included the data protection (General) regulations 2021, Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021, and the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021.
After EU child safety complaints, TikTok tweaks ad disclosures but profiling concerns remain
22 Jun 2022 at 14:06:34 - submitted by nicfab
A long-running EU engagement with TikTok — initiated following a series of complaints over child safety and consumer protection complaints filed back in February 2021 — has ended, for now, with the video sharing platform offering a series of commitments to improve user reporting and disclosure requirements around ads/sponsored content; and also to boost transparency around its digital coins and virtual gifts.
Judgment of the Court in Case C-817/19 | Ligue des droits humains
22 Jun 2022 at 07:43:35 - submitted by nicfab
The Court considers that respect for fundamental rights requires that the powers provided for by the PNR Directive be limited to what is strictly necessary In the absence of a genuine and present or foreseeable terrorist threat to a Member State, EU law precludes national legislation providing for the transfer and processing of the PNR data of intra-EU flights and transport operations carried out by other means within the European Union
Spain, Austria not convinced location data is personal information
22 Jun 2022 at 07:35:58 - submitted by nicfab
Some authorities in Europe insist that location data is not personal data as defined by the EU’s General Data Protection Regulation.
EU privacy group NOYB (None of your business), set up by privacy warrior Max “Angry Austrian” Schrems, said on Tuesday it appealed a decision of the Spanish Data Protection Authority (AEPD) to support Virgin Telco’s refusal to provide the location data it has stored about a customer.
Nomination of Data Protection Commission members
21 Jun 2022 at 11:53:13 - submitted by nicfab
The Director-General has nominated Laura Kiviharju, Massimo Marelli and David Taylor as members of CERN’s new Data Protection Commission (DPC), which took up its functions on 1 June 2022.
If this resource was helpful, you could contribute by
Or donate via
Follow us on Mastodon