Weekly Newsletter: 29 March – 2 April 2021
GDPR EU Representative

April 5, 2021

Google Chrome’s Incognito Mode Is Weak: Here’s How To Surf In Privacy

[#Chrome #Chromeincognito #Privacy #Google #Vivaldi] 

“Even with Incognito mode switched on, the Chrome browser will still allow websites to collect information about your surfing habits during that session, including Google’s own services. What’s more, the default search engine remains Google, which continues to track your behavior, potentially linking that data to your IP address.[…]

Below, I’m going to explain the privacy benefits of switching browser to Vivaldi – a web browser that’s built on the same engine as Google Chrome and is compatible with all of its extensions, but which delivers a far superior feature set, including a stronger privacy mode.[…]

If all the above hasn’t convinced you to switch browser, there’s a big step you can take in Chrome to protect your surfing privacy.”

To read more: Click here

European strategy for data : what parliament wants 


“Responding to the European Commission’s European Strategy for Data, the Parliament called for legislation focused on people based on European values of privacy and transparency that will enable Europeans and EU-based companies to benefit from the potential of industrial and public data in a report adopted on 25 March. […]
MEPs said that the crisis has shown the need for efficient data legislation that will support research and innovation. Large quantities of quality data, notably non-personal – industrial, public, and commercial – already exist in the EU and their full potential is yet to be explored. […]

MEPs said rules should be based on privacy, transparency and respect for fundamental rights. […]

As the success of the data strategy depends largely on information and communication technology infrastructure, MEPs called for accelerating technological developments in the EU, such as cybersecurity technology, optical fibres, 5G and 6G, and welcomed proposals to advance Europe’s role in supercomputing and quantum computing.”

To read more: Click here  

Joint Statement by Commissioner Reynders and Yoon Jong In, Chairperson of the Personal Information Protection Commission of the Republic of Korea

[#Europeanunion #EDPB #Republicofsouthkorea] 

“In their call today, Commissioner for Justice Didier Reynders and Chairperson of the Personal Information Protection Commission Yoon Jong In welcomed the successful conclusion of the adequacy talks between the European Union and the Republic of Korea. The adequacy dialogue confirmed the high degree of convergence between the European Union and the Republic of Korea in the area of data protection, which increased further with the recent entry into force of the new Personal Information Protection Act in the Republic of Korea and the strengthening of the powers of the Personal Information Protection Commission. […]

The European Commission will now launch the procedure for the adoption of its adequacy finding. This involves obtaining an opinion from the European Data Protection Board (EDPB) and the green light from a committee composed of representatives of the EU Member States. Once this procedure will have been completed, the Commission will adopt the adequacy decision on the Republic of Korea.”

To read more: Click here  

Booking.com fined €475,000 for reporting data breach too late 

[#Databreaches #Bookingcom #DutchDPA] 

“According to a copy of the fine’s text, obtained by The Record, the fine was imposed for a security breach that took place in December 2018, after hackers gained access to the Booking.com login credentials for employees of 40 hotels in the United Arab Emirates. […] The intruders also viewed the payment card data for 283 people, including the security code for 97 cards, and Dutch officials said the hackers also called some customers posing as Booking.com employees in order to collect additional payment card details.

The Dutch privacy watchdog said it fined the company because it learned of the breach on January 13, 2019, but notified authorities only on February 7, 22 days after the standard three-day GDPR breach reporting deadline had expired.

“This is a serious violation,” said Monique Verdier, vice-president of the Dutch Data Protection Authority. “A data breach can unfortunately happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the recurrence of such a data breach, you have to report this in time.””

To read more: Click here  

French data watchdog to start checking cookie policy compliance

[#CNIL #Cookies #Guidelines] 

“France’s data protection watchdog CNIL will from Thursday (1 April) begin conducting checks to ensure websites are in compliance with new guidelines on advertising trackers after the deadline it granted expired. EURACTIV France reports.

The new rules mean that user consent for advertising cookies must be granted by a “clear and positive act” such as clicking on an “I accept” button now ubiquitous across European websites. “Simply continuing to browse a site can no longer be considered as a valid expression of the web user’s consent,” the CNIL framework states.

New rules also stipulate that users must be able to be clearly informed of the purposes of the cookies collected before consenting to them. “It must be as easy to withdraw consent as to give it,” according to the CNIL’s deliberation on the new guidelines published in September.””

To read more: Click here

Non-material damages under the GDPR: will it become the rule rather than the exception? 

[#DutchDPA #GDPRdamages #Datacompliance #laandlegislation #regulation] 

“Recently, the chairperson of the Dutch data protection authority (who is also the vice chairperson of the EDPB) wrote a blog post (in Dutch) about the right to claim non-material damages after a breach of obligations under the EU General Data Protection Regulation (GDPR). The chairperson proposes that new legislation is made in which it is clarified that even trivial breaches of the GDPR should result in compensation for non-material damages. In other words, awarding non-material damages should be the default and not the exception to the rule. According to the chairperson, such a new system of statutory compensation would help solve certain practical problems.

[…] As the chairperson of the Dutch regulator puts it: ‘how do you prove a scratch on your soul?’ […]

Based on the above points, it is understandable that the chairperson of the Dutch regulator would argue for a system of statutory damages. For now, claimants will still have to prove the scratch on their soul – sure to result in interesting case law.”

To read more: Click here