Info@NationalCyberSecurity
Info@NationalCyberSecurity

EU/UK Privacy & Cybersecurity News Roundup – Week Of September 4, 2023 – Privacy Protection | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware



To print this article, all you need is to be registered or login on Mondaq.com.

Data privacy case law and legislation is constantly updated in
the United Kingdom and European Union to address key issues. In
order to track the latest developments, we have set out a brief
overview of case law updates, legislation, guidance and news.

Case Law Updates and Fines

  • On 25 August, the ICO fined This Is The Big Deal Limited
    £30,000 for unsolicited direct marketing. Read the monetary
    penalty notice here.

  • On 28 August, in Spain, the AEPD fined Atresmedia €50,000
    for unnecessary data processing. Read the decision, only available
    in Spanish, here.

  • On 30 August, the AEPD fined GLS Spain €140,000 for
    unlawful data processing. Read the decision, only available in
    Spanish, here.

  • On 30 August, the Swedish data protection authority (IMY) fined
    Trygg-Hansa SEK 35M for data security failures. Read the press
    release here and the decision here, both only available in Swedish.

  • On 28 August, the High Court of Ireland issued its decision in
    the case of Johnny Ryan vs. Data Protection Commission [2023] IEHC
    511. This case involved a challenge to the Data Protection
    Commission’s handling of a complaint made under the General
    Data Protection Regulation (GDPR) and the Data Protection Act 2018
    by Johnny Ryan, concerning Google Ireland Ltd’s data processing
    for targeted advertising through the Google Authorized Buyers Ad
    Exchange. Read the judgment
    here.

Legislation

  • On 25 August, the European Commission announced that the
    Digital Services Act entered into force, on the same date, for
    large online platforms following its general entry into effect on
    November 16, 2022. Read the press release here and the DSA here.

  • On 20 August, the CNIL issued its opinion on a draft decree
    relating to the use of algorithmic processing technologies relating
    to the Paris 2024 Olympics. Read the opinion, only available in
    French, here.

  • On 1 September, in Switzerland, the Federal Act on Data
    Protection 2020 and the Ordinance on the Federal Act on Data
    Protection entered into force. For further information and
    resources on Switzerland, see Switzerland homepage.

Guidance & Draft Guidance

  • On 29 August, the Danish data protection authority
    (Datatilsynet) published new guidance on the obligations of data
    controllers when the ‘auto-complete’ function is used in
    emails. Read the press release here and access the guidance here both only available in Danish.

  • On 30 August, the ICO issued guidance on sending emails
    containing personal data. Read the press release here and access the guidance here.

  • On 31 August, in Switzerland, the FDPIC released its factsheet
    on procedure for preparing a DPIA. Read the press release here and download the factsheet here.

  • On 31 August, the ICO issued guidance on handling employee
    health data. Read the press release here and access the guidance here.

  • On 25 August, in Norway, Datatilsynet released guidance on
    access to employees’ emails and electronically stored material.
    Read the press release here guidance here, both only available in Norwegian.

Data Protection Authority Updates and Privacy News

  • On 28 August, the CNIL requested comments on the draft
    recommendation on processing presenting high risks. Read the press
    release here and the draft recommendation here, both only available in French.

  • On 24 August, in Turkey, the Personal Data Protection Authority
    (KVKK) announced a data breach within Besiktas Sportif
    Ürünleri Sanayi ve Ticaret. Read the press release, only
    available in Turkish, here.

  • On 29 August, in Serbia, the Commissioner for Information of
    Public Importance and Personal Data Protection (the Poverenik)
    announced that the Government of the Republic of Serbia had adopted
    the personal data protection strategy for 2023 to 2030. Read the
    press release here.

  • On 29 August, the UK Culture, Media and Sport Committee
    published its report titled ‘Connected tech: AI and creative
    technology.’ Read the press release
    here, the report here, and a summary of the report here.

  • On 22 August, in Spain, the Ministry of Finance and Public
    Function announced the approval by the Council of Ministers of a
    Royal Decree approving the statute for the creation of the National
    Artificial Intelligence Supervisory Agency. Read the press release,
    only available in Spanish, here.

  • On 31 August, in the Netherlands, the Dutch data protection
    authority (AP) published a report titled Algorithmic Risks Report
    Netherlands. Read the press release here and the report here.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Privacy from Worldwide

The Next Wave Of Website Privacy Lawsuits

K&L Gates

The rise in session replay litigation has paved the way for a new wave of website privacy lawsuits: pixel tool litigation. Plaintiffs have increasingly challenged the use of this technology…

——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW