Inside Privacy

Updates on developments in data privacy and cybersecurity

On 22 December 2021, the conference of German data protection supervisory authorities (“DSK”) published its Guidance for Providers of Telemedia Services (Orientierungshilfe für Anbieter von Telemedien).  Particularly relevant for providers of websites and mobile applications, the Guidance is largely devoted to the “cookie provision” of the German Telecommunication and Telemedia Privacy Act (TTDSG),

In a decision handed down on December 1, 2021, the Brussels Market Court (Court of Appeal) had an opportunity to consider the GDPR right of access.  The Belgian Ministry of Finance appealed the Belgian Supervisory Authority’s recent decision requiring the Ministry to grant a complainant access to her financial file and make corrections to the

On 12 January 2022, the French National Assembly’s Committee on Cultural Affairs and Education (the “Committee”) unanimously approved a draft bill seeking to “encourage the use of parental controls on certain equipment and services sold in France and allowing access to the Internet” (the “Bill”).

  • Background
  • In 2021, the French Supervisory Authority (“CNIL”) conducted a

    On January 5, 2022, the European Data Protection Supervisor (“EDPS”) issued a reprimand to the European Parliament for its offering of a website to its staff and members to schedule Covid-19 tests which violated the transparency and transfer provisions of Regulation (EU) 2018/1725 (“Regulation”).  In addition, the EDPS ordered the European Parliament to bring the

    On December 22, 2021, the Austrian Supervisory Authority (“Authority”) found that an Austrian website that implemented the (free version of) Google analytics violated the GDPR’s rules on international data transfers (see here).

    The Authority decided that the Standard Contractual Clauses, combined with the Austrian website operator’s supplementary measures to transfer personal data to Google

    On January 9, 2022, the cookie guidelines (“guidelines”) published by the Italian Supervisory Authority (“Garante”) on July 9, 2021 entered into force.  This means that all those companies that have not yet conformed to the guidelines’ provisions should do so promptly, to avoid incurring in future sanctions.  The guidelines include precise indications on, e.g., the

    Date
    Tag
    News
    Link to Source

    December 16
    Artificial Intelligence
    The European Parliament Research Service published a study on biometrics and AI, with recommendations for the draft Artificial Intelligence Act.
    Link.

    December 15
    Cybersecurity
    The UK Government published its 2022 National Cyber Strategy.  The strategy is built around five core pillars:

    • strengthening the

    On January 4, 2022, the Federal Trade Commission published a warning to companies and their vendors to take reasonable steps to remediate the Log4j vulnerability (CVE-2021-44228).  The FTC provided a list of recommended remedial actions for companies using the Log4j software.  The FTC’s warning references obligations under the FTC Act and Gramm Leach Bliley Act