Week in Review
The Belgian data protection authorities fined a bank 75k Euro because its internal data protection officer was also the director of three divisions with decision-making responsibilities over the processing of personal data.
The supervisory authority resulted in a conflict of interest, which violated GDPR Article 38(6). According to the GDPR, the internal DPO may conduct additional responsibilities and functions, but there must be no conflict of interest between the controller and processor.
As the concurrent head of the Bank’s operational risk management, information risk management department, and particular investigation unit, this was not provided to him.
According to the Belgian DPA, these tasks are not purely advisory and supervisory. When the DPO has the authority to decide on the processing of personal data, a conflict of interest is assumed.
Furthermore, EDSA has published guidelines for avoiding conflicts of interest, depending on an organisation’s size, structure, and activities.
Top Stories and Updates
Saudi Arabia new data protection law: What businesses need to know
On 23 March 2022, Saudi Arabia passed its first comprehensive national data protection law, which governs the collecting, processing, and using personal data in the Kingdom. Organisations having operations in the Kingdom or that personal process data of Saudi citizens will have one year to comply with the ltest rules. Read more here.
Getty Images launches industry-first model release supporting data privacy
Getty Images has established a new model release to protect the artist community as machine learning, artificial intelligence gets more advanced and biometric data becomes increasingly important for data protection and privacy. According to Getty Images, the new release “will provide clarity and guidance as to how data, including visual content, may be collected and handled responsibly,” according to Getty Images. Read more here.
Google Analytics 4: Future analytics
Google has announced plans to update Google Analytics’ programming in order to comply with user privacy and regulatory compliance requirements. Analytics 4 adapts built-in privacy features of data collecting from the web and applications and will be functional by July 2021. In addition, the ability to log and keep IP address information has been curtailed. Read more here.
Spain: AEPD published guidance on dark patterns in social media interface
This week, The European Data Protection Board (EDPB) has published Guidelines on Article 60 of the GDPR. The guidelines provide designers and users of social media platforms with practical tips on identifying and avoiding so-called “dark patterns” in social media interfaces that violate GDPR laws. The guidelines outline the GDPR collaboration between SAs and aim to improve the consistency with the legal provisions relating to the one-stop-shop mechanism. Read more here.
Want to stay up to date on the latest privacy news updates?
Subscribe to Seers Privacy Newsletter to stay informed on the latest enforcements, regulatory, and guidance news from all around the globe.
