Spanish Agencia Española de Protección de Datos – AEPD has issued a press release on the data protection implications of’IoB’ (internet of body) devices. These are devices connected to the Internet that monitor and/or act on vital signs, biometric data, and health indicators (e.g. physical activity, sleep quality, and sports activity).

IoB devices include external,

A new New York state law prohibits the use of biometric technology in New York state schools until the later of (i) July 1, 2022 or (ii) the Commissioner of Education completes a study and issues a report to facilitate the creation of a comprehensive statewide regulatory system governing the use of such technology. The

In atypical 2020 fashion, Santa actually gave UK the #1 present on its Christmas list: adequacy for cross-border data transfers from the EU as part of an overall trade deal.

Bloomberg reports the deal will include an interim solution for a maximum of 6 months while the European Commission considers a full adequacy decision for

Norway’s Datatilsynet does not mince words in its Brexit guidance:

“On 31 December 2020, the Brexit transition period will end. This means, among other things, that anyone who transfers personal data to the United Kingdom after this date must follow the rules on the transfer of personal data to third countries.”

“If the European Commission

“Increased usage of consumer products and industrial devices connected to the internet will also raise new risks for privacy, information- and cybersecurity, including increasingly potential impacts on the integrity and availability of products and data, which can directly affect safety,”  says the Council of Europe in its “Conclusions on the cybersecurity of connected devices.”

Additional

The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF). The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology

  • The CEF is the foundation on which the annual

The European Parliament issued a detailed study on the impact of smart mobility applications on the future of transport and addressed some data protection issues.

  • Public authorities should further specify legislation for data privacy and protection. (e.g. addressing how drivers can grant third parties’ consent to use their data, where processing data is necessary for

The European Commission has issued long-awaited draft Standard Contractual Clauses and they have something for everyone…

  • Annexes and pick-and-choose modules (C2C, C2P, P2P, P2C).
  • Lots of emphasis on the laws of the country of transfer and pushing back on government requests.
  • Reiteration of some Article 26 (joint controller agreement) and Article 28 (data processor agreement)