Latest Developments in The World of Data Protection and Internet Regulation

Reading and analysing in the world of Internet regulation, a fast pace marathon :

• European Commission and United States Joint Statement on Trans-Atlantic Data Privacy Framework – The European Commission and the United States announce that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework, which will foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union in the Schrems II decision of July 2020.  A new step towards free data flow between the EU and the US.

– “Privacy Shield 2.0”? – First Reaction by Max Schrems

• FACT SHEET: United States and European Commission Announce Trans-Atlantic Data Privacy Framework
• UK the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (Addendum) and a document setting out transitional provisions.
• Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them. The European Data Protection Board welcomes comments on the “Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them”.

Such comments should be sent May 2nd 2022 at the latest u https://edpb.europa.eu/our-work-tools/documents/public-consultations/2022/guidelines-32022-dark-patterns-social-media_en

• The Digital Markets Act: ensuring fair and open digital markets – “The European Union has opened a new chapter in antitrust enforcement for the digital economy, adopting a raft of new rules designed to clamp down on abuses by some of the world’s largest tech firms.

In a deal brokered Thursday evening, officials from the European Parliament, Council and Commission concluded 15 months of intense negotiations on a new rulebook for Big Tech giants operating in the European market, the Digital Markets Act.”

• Shaping Europe’s digital future – The Data Act is a proposed Regulation harmonising rules on fair access to and use of data. It will play a key role in the digital decade, helping to shape the rules for the digital economy and society. 

The Data Act is part of the overall European strategy for data, and complements the Data Governance Regulation of November 2020 by clarifying who can create value from data and under which conditions. It will also introduce rules concerning the use of data generated by devices connected to the Internet of Things.

• Scientific research and pharmacovigilance: the first Code of Conduct approved by AEPD https://lnkd.in/eNYe5xGB

Related topics Cloud Computing Data Advanced and Cloud Computing

• Subject: US Customs and Border Protection gaining access to EU biometric databases – The US administration plans to subject travellers entering on the Visa Waiver Program (VWP) to new biometric data requirements. Under a ‘comprehensive secure travel partnership’, VWP partners will give the relevant US border security authorities access to EU databases containing fingerprints and/or facial images. In return, the authorities of those countries will also be allowed to access US databases.

1. What organisational and legal issues does the Council think Member States could encounter as a result of the comprehensive secure travel partnership, and what conclusion has it come to after examining these?

2. As things stand, which EU databases (such as the common biometric database) or networked information systems (such as the Prüm Decision or ‘Prüm II’) would the US authorities be allowed to access to consult biometric data under the comprehensive secure travel partnership, and to what extent would the ‘hit/no hit’ principle apply?

3. Which US databases would EU authorities gain access to under the comprehensive secure travel partnership?

• UK online safety bill – The Online Safety Bill delivers the government’s manifesto commitment to make the UK the safest place in the world to be online while defending free expression. The Bill has been strengthened and clarified since it was published in draft in May 2021, and reflects the outcome of extensive Parliamentary scrutiny.
• Much to catch on the subject of Ad Tech, RTBF and IAB, following Johnny Ryan suit. Johnny Ryan from the Council for Civil Liberties just announced taking the Irish DPC into court for inaction against Google RTBF.
• Cyber resilience act – new cybersecurity rules for digital products and ancillary services – Digital products and ancillary services create opportunities for EU economies and societies. But they also lead to new challenges – when everything is connected, a cybersecurity incident can affect an entire system, disrupting economic and social activities.
• More on ClearviewAI, its use by law enforcement and EU DPA fines. € 20 million privacy fine against Clearview AI facial recognition system in Italy
• A new class action in the UK, this time against TikTok : Data class actions in the spotlight again: English Court allows GDPR opt-out Representative Action to proceed
• Our Minds, Monitored and Manipulated – How AI Impacts Public Discourse and Democracy
• France’s OVHcloud Files Antitrust Complaint Against Microsoft’s Cloud Services
• There’s More to AI Bias Than Biased Data, NIST Report Highlights Rooting out bias in artificial intelligence will require addressing human and systemic biases as well. Further read on AI and bias  
• UK ICO fined Smith Law & Shepherds IFA Ltd has contravened Chapter 3, Article 15 of the GDPR.
• In its decision to fine the law firm Tuckers LLP, “the Commissioner has considered, in the context of “state of the art”, relevant industry standards of good practice including the ISO27000 series, the National Institutes of Standards and Technology (“NIST”), the various guidance from the ICO itself, the National Cyber Security Centre (“NCSC”), the Solicitors Regulatory Authority (“SRA”), Lexcel and ‘NCSC Cyber Essentials’. and the low cost of encryption.