This week has been no different from previous weeks in terms of fines and penalties within the privacy world: some new regulations, possible fines and a few compliance disputes. Apple is still on its streak of compliance problems week after week, and Google is not far behind. The German court has been particularly kind on fines this time around, the Spanish AEPD enforced new guidelines on an advertising code of conduct, and there is more privacy news below.
Compliance is essential. Fulfil your privacy obligations in the simplest way possible with the help of Seers. We can help you take care of your privacy protection requirements in a seamless manner to reduce the risk of litigation, privacy failure and loss of reputation and business.
Top stories of the week
Apple faces privacy cases in Europe by the same activist who busted the Privacy Shield
The consumer rights activist Max Schrems has filed a formal privacy case against Apple. The case argues that the ID generated by iPhones, which lets advertisers track users, violates privacy regulations under the GDPR.
Schrems previously filed a lawsuit against Facebook that led to a landmark ruling restricting data transfers from the EU to the US, which had global implications. The current case has been filed by his privacy rights non-profit Noyb, which has filed formal complaints against Apple in Spain and Berlin.
At the core of the complaint is Apple’s generation of the IDFA (Identifier for Advertisers) on each iPhone. Advertisers can then use the IDFA to track users across various apps, and better target them for personalised advertising.
Google forces developers to reveal Chrome extensions’ data use & privacy practices
Google has updated its privacy practices. Starting January 2021, developers of Chrome extensions will have to certify their data use and privacy practices and provide information about the data collected by their extension(s). This must be done “in clear and easy to understand language” on the extension’s detail page in the Chrome Web Store. This is one of Google’s key steps to cover up the huge gap between its privacy protection responsibilities and performance.
“We are also introducing an additional policy focused on limiting how extension developers use data they collect,” Google said.
German court drastically reduces GDPR fine
Germany has witnessed some of the breakthrough precedents when it comes to GDPR fines. The German Data Protection Authorities (DPAs) have been very active on issues concerning the privacy of individuals under the GDPR. For fine calculations, they use their October 2019 guidance paper on how to measure GDPR fines.
One of these DPA sanctions was recently subject to revision at the Regional Court of Bonn, with a remarkable cut-back of the fine by roughly 90%. There is a lot of proof of cooperation and good faith in this action.
European Commission releases draft Standard Contractual Clauses (SCCs) impacting international data transfers
Further to the European Data Protection Board’s (EDPB) issuing of new recommendations on international data transfers after the European Court of Justice’s July 16 Schrems II decision, the European Commission has released a draft set of new Standard Contractual Clauses (SCCs) and a draft implementing decision.
This new draft set of clauses allows for two new types of data transfer (EU-based processor to ex-EU processor, and EU-based processor to ex-EU controller) and contains important updates to bring the text of the clauses in line with the General Data Protection Regulation (GDPR). The draft clauses will be subject to consultation with the EDPB, and there are a few points of potential disagreement between the Commission’s draft and the EDPB’s guidance.
The Spanish Supervisory Authority enforces a GDPR code of conduct on advertising
The Spanish Supervisory Authority (“AEPD”) approved a “Code of Conduct for Data Processing in Advertising” (“Code”) on September 16th 2020.
This is the first GDPR-approved Code of Conduct with an accredited monitoring body in the European Union. The Code enters into effect on November 17, 2020, two months after its approval. So essentially, from this week onwards, companies falling under the mandate of the AEPD must abide by the code of conduct presented to them.
GDPR Staff eTraining
Did you know that you can avoid several lawsuits just by clearly defining your staff’s roles and training them to correctly protect the privacy of data subjects by implementing the relevant policies and procedures? Our GDPR Staff eTraining Solution is an interactive and flexible online course that will train your staff to understand their responsibilities and obligations under the GDPR. This will help your organisation improve compliance with data privacy regulations and limit liability.
Reduce chances of litigation, fines and reputational damage!