The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US concerning subscriptions to its newsletter.

Key points:

Cry and Pray (and try to not transfer):

  • The EDPS has requested EU

The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de l’Informatique et des Libertés (CNIL).

The commission has issued new guidance on what happens after third party cookies.

Data Protection Considerations:
  • The end

The United Kingdom’s Information Commissioner’s Office has released the second chapter in its anonymization guide for public comment.

Here are some key points:

  • An effective anonymization process seeks to reduce the likelihood of someone being identified or identifiable to a sufficiently remote level. This level depends on a number of factors specific to the context.

In Connecticut, if you adopt and maintain and comply with written cybersecurity program that contains administrative, technical and physical safeguards for the protection of personal or restricted information and that conforms to an industry recognized cybersecurity framework then you will not be subject to punitive damages in court against any cause of action founded in

Datatilsynet Denmark has issued serious criticism — and an injunction — to bring dating app Dating.dk’s data processing into compliance before November 16, 2021. The group says the app failed to acquire user consent in a manner that satisfies the requirements of GDPR.

Specifically:

  • A declaration of consent, whereby the user by the same “click”

It’s time for a new agreement on transatlantic data flows, according to the U.S. Chamber of Commerce.

“The U.S. and EU must work together to swiftly finalize a new EU-U.S. Privacy Shield agreement that brings legal certainty to data transfer mechanisms,” the organization said in a statement. “This must be the top priority for both

The United Kingdom has issued an ambitious report on its 10 year plan to become an AI super power.

The document lays out a detailed business plan with 3 month, 6 month and longer objectives.

Notably:

  • The document states that the government is also exploring how privacy enhancing technologies (PET) can remove barriers to data

A new Congressional Research Service report on EU-US Privacy Shield invalidation and its aftermath lists possible options for Congress to facilitate US-EU data flows and a potential enhanced Privacy Shield accord. They include:

  • Exploring changes when authorizing and overseeing surveillance programs to better protect data privacy or otherwise address EU concerns;
  • Strengthening the Privacy and

The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements in the wake of SchremsII:

All contracts need to include:

  • purpose of processing
  • applicable data protection law
  • definitions
  • content

Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium.

  • Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés (CNIL), Spain’s Agencia Española de Protección de Datos (AEPD), Denmark’s Datatilsynet and other DPAs who have been