Weekly Newsletter: 31 May – 4 June 2021
GDPR EU Representative

June 7, 2021

Noyb aims to end “cookie banner terror” and issues more than 500 GDPR complaints 

[#EDPB #DataTransfers #DataprotectionAuthority] 

“Today, noyb.eu sent over 500 draft complaints to companies who use unlawful cookie banners – making it the largest wave of complaints since the GDPR came into force. By law, users must be given a clear yes/no option.

As most banners do not comply with the requirements of the GDPR, noyb developed a software that recognizes various types of unlawful cookie banners and automatically generates complaints.

Nevertheless, noyb will give companies a one-month grace period to comply with EU laws before filing the formal complaint.”

To read more: Click here

GDPR Article 27 Representative is not liable for its client’s actions 

[#UKRepresentative #EURepresentative #Noneucompanies] 

“The England and Wales High Court of Justice (May 28th 2021): the GDPR article 27 representative is not liable for its client’s actions.

On the role of the representative:
“At the least, the picture which emerges is of a considerably fuller role than a mere postbox ‘to be addressed’. Even the language of ‘conduit’ or ‘liaison’ does not fully capture the job the GDPR gives to representatives. The role is an enriched one, active rather than passive. […] The job focuses on providing local transparency and availability to data subjects, and local regulatory co-operation.”[74]

On the representative’s liability:
“I find no positive encouragement for ‘representative liability’ anywhere other than the last sentence of Rec.80. […] If the GDPR had intended to achieve ‘representative liability’ then it would necessarily have said so more clearly in its operative provisions” [101]

To read more: Click here

The biggest data breach in history: Real-Time Bidding

[#OnlineAdvertising #UnitedStates #Adtracking] 

“The private things we do and watch online are collected from a vast system that operates behind the scenes on virtually every website and app. The United States Senate invited me to testify about this system. Here I’m telling the senators what happens every time one of them visits a website.

“You go on to the website and the website tells 10s or hundreds of companies (that you’ve never heard about) all about you so that their clients can decide whether to bid on the opportunity to show you an ad.”

It’s called real-time bidding (RTB). A multibillion dollar industry that grew out of online advertising. […]

So far, Europe’s privacy watchdogs have stayed silent. No action has been taken to end the most massive data breach in history.”

To read more: Click here

The European Union promises companies more legal certainty

[#SCCs #EuropeanCommission #DidierReynders #SchremsII] 

“On Friday, the Commission will introduce the new “Standard Contractual Clauses”, which currently provide the only basis for legally compliant data sharing. “We guarantee the highest possible level of legal security,” EU Justice Commissioner Didier Reynders said in an interview with Handelsblatt and other European media.

But at the same time, Reynders admitted that adapting the standard contractual clauses “wasn’t an ideal solution”. Therefore, the European Union is aiming for a new data protection agreement with the United States of America. Reynders is currently in talks with the US Secretary of Commerce, Gina Raimondo.

However, “in the short and medium term” it is not expected that an agreement that meets European requirements will be found. “We want to block the Schrems 3 decision,” Reynders said.”

To read more: Click here

Brussels puts forward plan to create new EU-wide digital identity 

[#EuropeanCommission #GDPR #PersonalData] 
“The European Commission has put forward plans to establish a European digital “identity” that citizens will be able to use to open bank accounts, file tax returns and enrol in university. […]

The Commission wants citizens to use the European Digital Identity for all sorts of everyday tasks, such as requesting birth certificates, reporting a change of address, renting a car, applying for a loan or checking in a hotel. All public services and large private platforms will be obliged to accept it. […]

Brussels wants this new European identity to be “trusted and secure” in line with the bloc’s General Data Protection Regulation (GDPR). The executive says the digital wallet will let people choose what kind of personal data they want to include and share.”

To read more: Click here

EU’s new Standard Contractual Clauses have been published 

[#EuropeanCommission #SCCs #StandardContractualClauses #EUdatatransfers]

Breaking news: the EU’s new Standard Contractual Clauses have been published!

“Today, the European Commission adopted two sets of standard contractual clauses, one for use between controllers and processors and one for the transfer of personal data to third countries. They reflect new requirements under the General Data Protection Regulation (GDPR) and take into account the Schrems II judgement of the Court of Justice, ensuring a high level of data protection for citizens.

These new tools will offer more legal predictability to European businesses and help, in particular, SMEs to ensure compliance with requirements for safe data transfers, while allowing data to move freely across borders, without legal barriers.

[…] For controllers and processors that are currently using previous sets of standard contractual clauses, a transition period of 18 months is provided.”

Please find the press release here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

SCC’s for use between controllers and processors: https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors