Following the recent judgment of the Court of Justice of the European Union in Case C-311/18 – Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, the European Data Protection Board (EDPB) has adopted a ‘Frequently Asked Questions’ document to provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.
According to the Court of Justice of the European Union press announcement, in the view of the Court, the limitations on the protection of personal data arising from the domestic law of the United States on the access and use by US public authorities of such data transferred from the European Union to that third country, which the Commission assessed in Decision 2016/1250, are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law, by the principle of proportionality, in so far as the surveillance programmes based on those provisions are not limited to what is strictly necessary.
The general view is that two years after it started to apply, the GDPR has successfully met its objectives of strengthening the protection of the individual’s right to personal data protection and guaranteeing the free flow of personal data within the EU. However, a number of areas for future improvement have also been identified.
The purpose of this two-year assessment is to provide a wider-angled lens through which to assess the work of the Data Protection Commission (DPC) since the implementation of the General Data Protection Regulation (GDPR); in particular, to examine wider datasets and annual trends to see what patterns can be identified.
According to the European Data Protection Supervisor (EDPS) in his recent opinion on the European Data Strategy, the predominant business model of the digital economy is characterized by an unprecedented concentration of data in the hands of a handful of powerful players, based outside the EU, and wide-scale pervasive tracking. The EDPS goes on to share that he strongly believes that one of the most important objectives of the European Data Strategy should be to prove the viability and sustainability of an alternative data economy model – open, fair, and democratic.
According to the recently published Cyberspace Solarium Commission report “Cybersecurity Lessons from the Pandemic,” the COVID-19 pandemic illustrates the challenge of ensuring resilience and continuity in a connected world. Many of the effects of this new breed of crisis can be significantly ameliorated through advance preparations that yield resilience, coherence, and focus as it spreads rapidly through the entire system, stressing everything from emergency services and supply chains to basic human needs and mental health. The pandemic produces cascading effects and high levels of uncertainty. It has undermined normal policymaking processes and, in the absence of the requisite preparedness, has forced decision-makers to craft hasty and ad hoc emergency responses.
“As our lives increasingly move online, our data privacy becomes more important than ever. The California Consumer Privacy Act, which gives consumers choice and control over personal information in the marketplace, is game-changing and historic,” said Attorney General Becerra. “Our regulations provide businesses and individuals with guidance on how to protect that choice and boost transparency, while continuing to unleash innovation. Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”
According to the publishers, this paper is an aid to quickly checking your own security with regard to the availability of your own data processing within the meaning of Article 32 GDPR. The scope includes both the non-public as well as the public area. The work was created in a collaboration between the Bavarian State Office for Data Protection Supervision (BayLDA) and the Bavarian State Commissioner for Data Protection (BayLfD).
The European Data Protection Board (EDPB) is an independent European body that contributes to the consistent application of data protection rules throughout the European Union and promotes cooperation between the EU’s data protection authorities. The following update shares an overview of recent EDPB guidance on the concept of consent under the EU General Data Protection Regulation (GDPR).
The following guidance, prepared and published by the Data Protection Commission (DPC) of Ireland, has been developed to aid data controllers and processors to ensure they meet their obligations with regard to the security of personal data they process.