Date: December 3, 2021

In Case You Missed It: EU Privacy, Data and Consumer Updates of the Past Month

Date Tag News Link to Source
December 1 Cybersecurity The European Parliament published a progress report on the NIS2 Directive. Link.
November 30 Open Data The Council of the EU and European Parliament reached a provisional agreement on the Data Governance Act.  The provisional agreement is subject to Council of the EU’s approval.

Link.

Link.

November 25 Digital Services The Council of the EU reached an agreement on the draft Digital Services Act and the Digital Markets Act bringing them one-step closer to adoption.  The European Parliament will discuss the drafts on December 9 and plans to announce its first reading position either in December or in early 2022, after which the Council and the Parliament will enter into negotiations with the goal of reaching an agreement on a final text for both acts.

Link.

Link.

Link.

November 25 Other The European Commission published a draft regulation on the transparency and targeting of political advertising.

Link.

Link.

November 22 AI The Council of the EU published a progress report on the EU Artificial Intelligence Regulation. Link.
November 22 Cybersecurity The European Union Agency for Cybersecurity published its report on emerging cybersecurity challenges. Link.
November 19 Transfers The European Data Protection Board adopted guidelines on the interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR.

Link.

Link.

November 19 Product Safety The Council of the EU issued a progress report on the draft Regulation on general product safety. Link.
November 18 Digital Services The European Data Protection Board published a statement on the Digital Services Act. Link.
November 18 Cybersecurity The European Data Protection Board sent a letter to the European Union Agency for Cybersecurity regarding the European Cybersecurity Certification Scheme for Cloud Services on how to best use this scheme to meet the cybersecurity requirements of the GDPR, including those on transfers. Link.
November 17 Cybersecurity The European Union Agency for Cybersecurity published its report on the cybersecurity investments of operators of essential services and digital service providers covered by EU Directive on Security of Network and Information Systems (NIS Directive). Link.
November 15 Other The European Data Protection Supervisor announced that it will host a conference on effective enforcement in the digital work on June 16 and 17, 2022. Link.
November 11 Cybersecurity The European Union Agency for Cybersecurity published a report on incident response capabilities in the health sector. Link.
November 5, 2021 Open Data The European Commission will no longer discuss the EU Data Act in 2021.  According to Euractive, “the Commission’s impact assessments for new legislative proposals, rejected the Data Act on Wednesday (October 27) for reportedly not providing sufficient information on the conditions for public bodies to access data, the compensation for businesses and the relation with other legislative measures. Link
November 4, 2021 Privacy The Slovenian Council Presidency and European Parliament agreed to make certain changes to the draft ePrivacy Regulation provisions on direct marketing, including information in public registries. Link
October 29 Cybersecurity The European Commission adopted the Commission Delegated Regulation (EU) to the Radio Equipment Directive (Directive (EU) 2014/53) which aims to make sure that all wireless devices are safe before being sold within the EU market.  The Delegated Regulation lays down cybersecurity requirements for manufacturers of wireless devices.  The Delegated Regulation is currently under the scrutiny of the Council of the EU and the Parliament for a two-month period.  If the Council and Parliament do not raise any objections within these two months, it will be published in the Official Journal of the EU and will enter into force 20 days following publication.  Following the entry into force, manufacturers will have a transition period of 30 months to start complying with the new legal requirements under the Delegated Act. Link.

 

What’s Coming Next

 

  • European Parliament to adopt first reading position on the Digital Services Act and the Digital Markets Act in either December 2021 or early 2022.

 

Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.