Currencies

EU/UK Privacy & Cybersecurity News Roundup – Week Of September 18, 2023 – Data Protection



To print this article, all you need is to be registered or login on Mondaq.com.

Data privacy case law and legislation is constantly updated in
the United Kingdom and European Union to address key issues. In
order to track the latest developments, we have set out a brief
overview of case law updates, legislation, guidance and news.

Case Law Updates and Fines

  • On June 22, 2023, the Hungarian National Authority for Data
    Protection and Freedom of Information (NAIH) issued its decision in
    Case No. NAIH-6427-1/2023, in which it fined Digi
    Telecommunications and Services Ltd HUF 80 million (approx.
    $223,104), for violations of the General Data Protection Regulation
    (GDPR), following an audit in connection with a reported data
    breach. You can download the decision, only available in
    Hungarian, here.

  • On June 23, 2023 the Hungarian National Authority for Data
    Protection and Freedom of Information (NAIH) issued its decision in
    Case No. NAIH-6364-1/2023, in which it fined Budapest Public
    Utilities Ltd HUF 16 million (approx. $44,630), for violations of
    the General Data Protection Regulation (GDPR), following a public
    interest notification. You can download the decision, only
    available in Hungarian, here.

  • On September 7, 2023, the Court of Justice of the European
    Union (CJEU) issued a press release on its judgment in
    Case C-162/22 A.G. v Lietuvos Respublikos
    generalinė prokuratūra, further to a reference for a
    preliminary ruling from the Supreme Administrative Court of
    Lithuania. You can read the press release here and the ruling here.

  • On September 7, 2023, Interactive Advertising Bureau (IAB)
    Europe announced that the Belgian Market Court had rendered an
    interim ruling and suspended its assessment of the Belgian Data
    Protection Authority’s (Belgian DPA) validation decision in
    relation to the Transparency & Consent Framework (TCF), pending
    the Court of Justice of the European Union’s (CJEU) preliminary
    ruling. You can read the press release here.

  • On September 11, 2023, the Italian data protection authority
    (Garante) announced, in its newsletter, its decision No. 322, as
    issued on July 18, 2023, in which it imposed a fine of €40,000
    on Compara Facile S.r.l., for violations of the General Data
    Protection Regulation (GDPR) and the Personal Data Protection Code,
    Containing Provisions to Adapt the National Legislation to the GDPR
    (the Code), following a complaint by an individual. You can read
    the decision here and the newsletter 
    here
    , both only available in Italian.

  • On September 11, 2023, the Finnish Office of the Data
    Protection Ombudsman (the Ombudsman) published its Decision in Case
    No. 8422/161/2021, as issued on July 6, 2023, in which its
    Sanctions Board imposed a fine of €23,000 on Suomen
    Yritysrekisteri Oy for violations of the General Data Protection
    Regulation (GDPR), following several complaints. You can read the
    press release here and the decision here, both only available in Finnish.

  • On September 12, 2023, the Spanish data protection authority
    (AEPD) published its decision in Proceeding No. PS-00456-2023, in
    which it imposed fines for a total of €70,000 on Banco Bilbao
    Vizcaya Argentaria, S.A. (BBVA) for violations of the General Data
    Protection Regulation (GDPR), following a complaint submitted by an
    individual. You can read the decision, only available in
    Spanish, here.

  • On September 13, 2023 the Croatian Personal Data Protection
    Agency (AZOP) announced that it had imposed an administrative fine
    of €25,000 on Zagrebački holding d.o.o., for violations
    of the General Data Protection Regulation (GDPR), following a
    complaint from an individual. You can read the decision, only
    available in Croatian, here.

Legislation

  • On September 11, 2023, the UKs Department for Science,
    Innovation, and Technology (DSIT) published draft amendments (the
    Amendments) to the UK General Data Protection Regulation (UK GDPR)
    and Data Protection Act 2018 (DPA 2018), as well as an Explanatory
    memorandum on the Amendments. You can read the announcement here, the Amendments here, the Explanatory memorandum here, and track the Amendments’
    progress here.

Guidance & Draft Guidance

  • On September 6, 2023, the German Data Protection Conference
    (DSK) published its opinion on the draft law amending the Federal
    Data Protection Act, published on August 29, 2023, by the German
    Federal Ministry of Interior, Building, and Community (BMI). You
    can read the opinion here and the draft law here, both only available in German.

  • On September 7, 2023, the United Nations Education, Scientific
    and Cultural Organization (UNESCO) published Guidance for
    generative AI in education and research. You can read the press
    release here and download the Guidance here.

  • On September 7, 2023, Czechia’s National Office for Cyber
    and Information Security (NÚKIB) published a guide for
    supplier management in relation to cybersecurity risk assessment.
    You can read the press release here and the guide 
    here
    , both only available in Czech.

  • On September 7, 2023, Israel’s Privacy Protection Authority
    (PPA) announced that it is seeking public comments on the draft
    guideline on the role of the board of directors in fulfilling the
    company’s obligations under the Protection of Privacy
    Regulations (Data Security) (the Regulations). You can read the
    press release here and the draft guidelines here, both only available in Hebrew.

  • On September 13, 2023, the UK’s Information
    Commissioner’s Office (ICO) announced via LinkedIn that it has
    published its Smart Data Foundry Regulatory Sandbox Final Report.
    You can read the LinkedIn post here and the report here.

Data Protection Authority Updates and Privacy News

  • On September 4, 2023, Germany’s Thuringian data protection
    authority (TLfDI) published its opinion on the German Data
    Protection Conference’s (DSK) application instructions on the
    European Commission’s adequacy decision for the EU-US Data
    Privacy Framework (DPF). You can read the press release, only
    available in German, here.

  • On September 6, 2023, the European Data Protection Supervisor
    (EDPS) issued its opinion on the European Commission’s Proposal
    for a Regulation on European Statistics, which aims at making the
    legal framework governing European statistics fit for the future
    and improving the responsiveness of the European Statistical System
    to data needs. You can read the opinion here.

  • On September 7, 2023, the Swedish data protection authority
    (IMY) published its Decision No. IMY-2022-6945, as issued on the
    same date, in which it determined the requirements that bodies
    tasked with monitoring compliance with codes of conduct must meet
    in order to be accredited under Article 41(2) of the General Data
    Protection Regulation (GDPR). You can read the press
    release here and the decision here, both only available in Swedish.

  • On September 7, 2023, the Council of Europe (CoE) announced
    that the President of the Swiss Confederation had transmitted the
    instrument of ratification of the Protocol of Amendment to the
    Convention for the Protection of Individuals with regard to
    Automatic Processing of Personal Data ( Convention 108+). You can
    read the press release here and access Convention 108+ here.

  • On September 7, 2023, Israel’s Privacy Protection Authority
    (PPA) announced that it is seeking public comments on the draft
    guideline on the role of the board of directors in fulfilling the
    company’s obligations under the Protection of Privacy
    Regulations (Data Security) (the Regulations). You can read the
    press release here and the draft guidelines here, both only available in Hebrew.

  • On September 7, 2023, Türkiye’s Personal Data
    Protection Authority (KVKK) announced a data breach that occurred
    within Hotiç Ayakkabı San. ve Tic. A.Ş.. You can
    read the press release, only available in Turkish, here.

  • On September 7, 2023, the UK’s Information
    Commissioner’s Office (ICO) issued a statement in response to a
    report by Which? alleging that smart devices were harvesting
    consumers’ personal data. You can read the statement here.

  • On September 8, 2023, the UK’s Information
    Commissioner’s Office (ICO) announced on LinkedIn that it had
    published a summary of its data protection audit report of the
    Police Service of Northern Ireland (PSNI), which the ICO conducted
    in May 2023. You can read the statement here and the audit summary here.

  • On September 11, 2023, the Spanish data protection authority
    (AEPD) released a blog post providing insights into the realm of
    digital currencies, focusing on cryptocurrencies and Central Bank
    Digital Currencies (CBDCs). You can read the blog post, only
    available in Spanish, here.

  • On September 11, 2023, the Irish Data Protection Commission
    (DPC) announced the outcome of the prosecution proceedings against
    Chill Insurance Limited, Hidden Hearing Limited, the Multiple
    Sclerosis Society of Ireland, and Vodafone Ireland Limited. You can
    read the press release here.

  • On September 11, 2023, the Danish data protection authority
    (Datatilsynet) published, its decision in Case No. 2021-31-5667, as
    issued on March 27, 2023, in which it expressed criticism against
    OrderYOYO A/S, for violations of the General Data Protection
    Regulation (GDPR), following a complaint made to the Datatilsynet.
    You can read the press release here and the decision here, both only available in Danish.

  • On September 12, 2023, the UK’s Information
    Commissioner’s Office (ICO) announced that it had signed a
    Memorandum of Understanding (MoU) with the National Cyber Security
    Centre (NCSC) on the development of cybersecurity standards and
    guidance to improve the cybersecurity of organizations. You can
    read the press release here.

  • On September 12, 2023, the Dutch Consumers Association (the
    Consumentenbond) and the Data Privacy Foundation (the Data Privacy
    Stichting) announced that they had filed a court case against
    Google LLC., for violation of user privacy rights. You can read the
    press release here and the mass claim here, both only available in Dutch.

  • On September 12, 2023, the Danish data protection authority
    (Datatilsynet) published, its decision in Case No. 2022-31-6316, as
    issued on the same date, in which it expressed criticism against a
    housing association, for violations of the General Data Protection
    Regulation (GDPR), following a complaint made to the Datatilsynet.
    You can read the press release here and the decision here, both only available in Danish.

  • On September 13, 2023, the UK’s Information
    Commissioner’s Office (ICO) made an announcement regarding the
    sentencing of Rachel Anderton, a former family intervention officer
    at St Helens Borough Council for unlawfully accessing social
    services records. You can read the press releases here and here.

Other Privacy News

  • On September 11, 2023, the UK’s National Cyber Security
    Centre (NCSC) announced that it had published a white paper on
    ransomware, extortion, and the cybercrime ecosystem, in partnership
    with the National Crime Agency (NCA). You can read the press
    release here and the report here.

  • On September 11, 2023, Germany’s Federal Office for
    Information Security (BSI) published a draft update to the
    Technical Guideline (TG) TR -03170 on secure digital transmission
    of biometric photographs from service providers to passport, ID
    card, and immigration authorities, requesting comments on the same.
    You can read the announcement here and the draft update here, both only available in German.

  • On September 13, 2023, the European Commission published
    President Ursula von der Leyen’s 2023 State of the Union
    address, which discussed, among other things, the challenges and
    opportunities of artificial intelligence (AI). You can read the
    address here.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Privacy from Worldwide

State Data Breach Notification Laws

Foley & Lardner

While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice.



Source link

Leave a Response