Weekly Newsletter: 8 February – 12 February 2021
GDPR EU Representative

February 15, 2021

Unveiling the hidden practices of the web

[#Cookies #CookieScan #CNIL #FrenchDPA]

The French DPA (CNIL) publishes results of its analysis on the cookie practices of the 1000 most-used websites in France

“Web pages can include many elements invisible to users, which collect their data. These elements are used by third parties to track users online behavior and influence their future choices. We periodically analyze the 1000 most used web sites in France in order to reveal these practices and follow their evolution.

– A majority of sites drop third party cookies on the first visit.
– Up to 79 third parties can access your browsing information when a web page loads.
– Advertising agencies are the main users of cookies.”

To read more: Click here.

Revealed: Portugal’s plans to conclude ePrivacy saga

[#ePrivacy #ePrivacydraft #EUPortugalPresidency]

“The Portuguese presidency of the EU has pitched a new text on the controversial ePrivacy regulation, focusing on the processing of communications metadata and data stored on end-user equipment, according to the latest proposal, obtained by EURACTIV.

The text, the latest in a long line of attempts by EU presidencies to find common ground following the European Commission’s 2017 proposal, was presented to EU delegations last Friday (5 February) and is due to be discussed during a meeting between diplomats on Wednesday (10 February).

‘The most important change the Portuguese Presidency has proposed is the re-introduction of the possibility to process electronic communications metadata and to use the processing and storage capabilities of the end-users’ terminal equipment, including collection of information for further compatible processing,’ Friday’s proposal states.”

To read more: Click here

Data regulator under fire over dated software

[#IrishDPC #Regulator #OneStopShop]

“Freedom-of-information requests filed by the Irish Council for Civil Liberties found that the Data Protection Commission (DPC) has not implemented a new core system to cope with the demands of the European Union General Data Protection Regulation (GDPR), which became enforceable in 2018.

[…] The findings come as questions grow over the future of the ‘one-stop shop’ model, which allows national regulators to handle GDPR investigations on behalf of the EU, but has increasingly been viewed as a bottleneck.

‘The GDPR gives Ireland a central role in protecting data rights across all of the European Union but [it] is not configured for its digital mission,’ said Dr Johnny Ryan, senior fellow at the council. ‘How can it be expected to monitor what the world’s biggest tech firms do with our data?'”

To read more: Click here

Confidentiality of electronic communications: Council agrees its position on ePrivacy rules

[#ePrivacy #ePrivacyRegulation #EuropeanCouncil]

“Today, member states agreed on a negotiating mandate for revised rules on the protection of privacy and confidentiality in the use of electronic communications services. These updated ‘ePrivacy’ rules will define cases in which service providers are allowed to process electronic communications data or have access to data stored on end-users’ devices. Today’s agreement allows the Portuguese presidency to start talks with the European Parliament on the final text.

[…] The draft ePrivacy regulation will repeal the existing ePrivacy directive. As lex specialis to the general data protection regulation (GDPR), it will particularise and complement the GDPR. For example, in contrast to the GDPR, many ePrivacy provisions will apply to both natural and legal persons.”

To read more: Click here

Google challenges French data watchdog’s €100 million fine in court

[#Google #GDPRfines #GDPRsanctions #OneStopShop]

“Google, defended by lawyer Patrick Spinosi, showed its deep disagreement with CNIL’s ‘exceptional’ daily penalty of €100,000 imposed for the period during which the US giant would make the necessary changes.

[…] While Google considers the deadline – set for 4 April – to be far too short, the CNIL representative at the hearing considered it ‘largely sufficient’, noting that ‘there’s still a month and a half.’

[…] Moreover, Google also contested the CNIL’s jurisdiction. On several occasions, it expressed concern regarding the legality of this injunction, saying it was ‘not sufficiently clear’. France’s data watchdog also argued that its control over the cookie policy falls within the ePrivacy regulation and that Google is ‘sufficiently territorialised in France to be subject to French law’. For its part, Google has appealed to the one-stop-shop mechanism provided for in the General Data Protection Regulation (GDPR) which, in its view, requires it to report on data protection matters only to the corresponding authority in the country in which it is based, namely Ireland.”

To read more: Click here.