Weekly Newsletter: 9 November – 13 November 2020
GDPR EU Representative

November 16, 2020

Europe urges e-commerce platforms to share data in fight against coronavirus scams

[#EUconsumers #EuropeanCommission #DataSharing #CovidData #CoronavirusScams] “European lawmakers are pressing major e-commerce and media platforms to share more data with each other as a tool to fight rogue traders who are targeting consumers with coronavirus scams

[…] In a statement today, Didier Reynders, the EU commissioner for justice, said: ‘We know from our earlier experience that fraudsters see this pandemic as an opportunity to trick European consumers. We also know that working with the major online platforms is vital to protect consumers from their illegal practices. Today I encouraged the platforms to join forces and engage in a peer-to-peer exchange to further strengthen their response. We need to be even more agile during the second wave currently hitting Europe.'”

To read more: Click here

Tim Berners Lee’s startup Inrupt releases Solid privacy platform for enterprises

[#Inrupt #SolidPrivacyPlatform #DataUsers #DataControl #DataOnlineStorage]

“Inrupt, the startup from World Wide Web founder Tim Berners-Lee, announced an enterprise version of the Solid privacy platform today, which allows large organizations and governments to build applications that put users in control of their data.

The core idea behind this approach is that users control their data in online storage entities called Personal Online Data Stores or Pods for short. The enterprise version consists of Solid Server to manage the Pods, and developers can build applications using an SDK to take advantage of the Pods and access the data they need to do a particular job like pay taxes or interact with a healthcare provider. Bruce points out that the enterprise version is fully compatible with the open source Solid project specifications.”

To read more: Click here

ECJ Judgment in Case C-61/19

[#ECJ #CourtofJustice #PreTickedBox #Consent] A contract for the provision of telecommunications services containing a clause stating that the customer has consented to the collection and storage of his or her identity document cannot demonstrate that that customer has validly given his or her consent where the box referring to that clause has been ticked by the data controller before the contract was signed.

That is also the case where the customer is misled as to the possibility of concluding the contract if he or she refuses to consent to the processing of his or her data, or where the freedom to choose to object to that collection and storage is affected by the requirement to complete an additional form setting out that refusal.”

To read more: Click here

Schrems II follow-up: EDPB recommendations

[#SchremsII #EDPB #DataProtection] Breaking news: Schrems II follow-up. The EDPB just published two sets of recommendations:

  1. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data – public consultation open until November 30 (see below)
  2. Recommendations 02/2020 on the European Essential Guarantees for surveillance measures.

A breakdown of EDPB’s recommendations for data transfers post-‘Schrems II’

[#EDPB #EDPBGuidelines #Recommendations #SchremsII #EUUSDataTransfers]

“[…] The EDPB guidance released today is complex. In the days and weeks ahead, it will demand careful analysis by privacy professionals around the globe.

It will frustrate many due to its onerous demands on companies and lack of perfectly packaged solutions to the very real and practical challenges that companies face — enabling and protecting data flows so that our global economy and society can function, particularly with the increase in remote data-enabled engagement during the pandemic.

And yet while challenging, the EDPB guidance is impressive. It reflects an enormous effort by the EDPB and DPAs to provide concrete examples and options for companies to address a nearly impossible task — finding a way to maintain EU data protection standards in an inherently global and multicultural world in which norms and laws diverge.”

To read more: Click here

European Commission’s new draft on Standard Contractual Clauses

#EDPB #SchremsII #EUUSDataTransfers

The EU Commission just published the new draft on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

“One year grace period for the old SCCs 2001/497/EC (C2C) and 2010/87/EU (C2P), but data exporters and importers should however take “supplementary measures” to “ensure that the transfer of personal data is subject to appropriate safeguards within the meaning of Article 46(1) GDPR.””

To read more: Click here

The 5 Things We Like – and the 5 We Do Not – in the EDPB Post-Schrems II Recommendations

#EDPB #EDPBGuidelines #Recommendations #SchremsII #EUUSDataTransfers

“On November 10, 2020, the European Data Protection Board (EDPB) adopted the long-awaited “Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data” (the recommendations) – available here. The recommendations should assist organizations in dealing with the consequences of the Schrems II judgment of the Court of Justice of the European Union (which invalidated the Privacy Shield and imposed additional requirements on organizations for their transfers of personal data).

There are things we like in the recommendations, and things we do not. Organizations are invited to submit their comments until November 30, 2020.”

To read more: Click here

Follow Us On Social Networks

Stay Up to Date With The Latest News & Updates