Privacy Updates This Week

Data protection bodies are becoming very stringent about cookie law compliance across the EU. General Data Protection Regulation (GDPR) outlines strict guidelines for companies to adhere to. Failure to do so results in bitter consequences such as in the case for Amazon and Google this week.

So, let’s get into the top stories of the week.

Top Stories and Updates

1- The Information Commissioner’s Office publishes the inaugural Data Sharing Code of Practice.

The Information Commissioner’s Office (ICO) has published its inaugural Data Sharing Code of Practice. The document, and a suite of new resources delivered in parallel, provides practical advice to businesses and organisations on how to carry out responsible data sharing.

Information Commissioner Elizabeth Denham suggests that the COVID-19 pandemic has brought the need for fair, transparent and secure data sharing into even sharper focus. “I have seen first-hand how sharing data between organisations has been crucial to supporting and protecting people during the response to the COVID-19 pandemic,” explained Denham. “That includes public authorities and supermarkets sharing information to support vulnerable people shielding or health data being shared to support the fast, efficient and effective delivery of pandemic responses”.

Provision for the Code of Practice was included in the Data Protection Act 2018 and it addresses many aspects of the new legislation including transparency, lawful bases for using personal data, the new accountability principle and the requirement to record processing activities.

Alongside the Code of Practice, the ICO has launched a data-sharing information hub where organisations can find targeted support and resources. This contains data sharing FAQs, Case Studies, data sharing checklists and a toolkit on sharing personal data with law enforcement.

2- CNIL Has Issued Fines Totaling £122m in Landmark ePrivacy Directive Cases.

Between December 2019 and May 2020, the French data protection authority (CNIL) conducted multiple online investigations by visiting google.fr and amazon.fr, before launching a full-scale investigation into Google LLC, Google Ireland, and Amazon Europe Core. On 7 December 2020, the CNIL handed down two decisions, one against Google LLC and Google Ireland, and another against Amazon Europe Core. They total to £122m.

Contrary to a previous sanction against Google LLC, which was triggered by specific complaints about its practices, the CNIL’s decisions indicate that the investigations were launched sua sponte with the specific aim of controlling the companies’ cookie practices.

Read more here.

3- Twitter fined £400K over a data breach in Ireland’s first major decision.

Ireland’s Data Protection Commission (DPC) has issued Twitter with a fine of £400K for failing to promptly declare and properly document a data breach under Europe’s General Data Protection Regulation (GDPR).

The decision is noteworthy as it’s the first such cross-border GDPR decision by the Irish watchdog, which is the lead EU privacy supervisor for a number of tech giants — having a backlog of some 20+ ongoing cases at this point, including active probes of Facebook, WhatsApp, Google, Apple and LinkedIn, to name a few.

Read more here.

4- Facebook reserves £250m for expected GDPR fines in Ireland.

Facebook Ireland has set aside £250m for possible fines from the Irish Data Protection Commission for violations of the General Data Protection Regulation.

Earlier this year in September, The Irish DPC’s ordered Facebook to halt the transfer of European citizens’ personal data to the United States could pose operational and legal challenges that set a precedent for not only other tech giants, but companies generally under the Schrems II case. The privacy protection ecosystem has been greatly affected by the fall of the privacy shield. There are a lot of revisions and clarifications expected in the coming few months to improve the understanding of the law under the current events.

Read more here.

Final Notice

You may be exposing your business to risk and potential damages. Seers can help you mitigate these challenges with a 30 minutes complimentary consultation with a leading privacy expert that you can book here. You can use this free consultation to reduce any chances of litigation, fines and reputational damage by identifying any key gaps/ risks and implementing strategies to mitigate these risks and any potential threats to the bare minimum.

Book your free 30 minutes Brexit privacy compliance consultation now! Last week to ensure Brexit compliance.

Don’t Risk €20 Million in Fines
—Ensure Compliance Today

Worth €30/Month