At the end of the Brexit transition period, while the UK and EU negotiate additional arrangements, the GDPR will be retained in domestic law but the UK will have the independence to keep the framework under review. Some important considerations are going to influence data privacy measures and business activity after the transition period is over.
You may be exposing your business to risk and potential damages. Seers can help you mitigate these challenges with a 30-minute complimentary Brexit privacy compliance consultation with our leading Privacy Expert that you can book here
Meanwhile, in the privacy world: fines, new regulations, bans on apps & businesses and tougher constraints across the world.
Here are the top stories of the week.
UK launches new watchdog to curb big tech
The Digital Markets Unit, is the new body that will sit within the existing Competition and Markets Authority (CMA) from April 2021 and work with other regulators, such as Ofcom and the Information Commissioner’s Office (ICO), to introduce and enforce a new code of conduct to be followed by big tech companies processing huge amounts of data and affecting people across the world and especially within the jurisdiction in the UK.
Read more here
Facebook warns about the use of its messenger API
Facebook has this week shared an update on its developer blog which outlines various restrictions on Messenger API usage as a result of its efforts to comply with Europe’s evolving data privacy laws.
Under the Schrems II verdict, Facebook says that the legal environment around the messenger API has changed. The following are deeply affected:
- Europe pages in all chats
- Pages with admins in Europe in all chats
- Any chats with people in Europe
Their warning confirms that there are some wide-reaching implications on data privacy of individuals that are residing online. Very tiny technical changes may impact virtually and in reality. Furthermore, brands along with individuals that use the Messenger API and have followers or connections within Europe are great affected by its policies.
Read more here
AEPD fines Telefónica Móviles España £68,000
The European Data Protection Board (EDPB) announced, that the Spanish data protection authority: AEPD has issued a resolution imposing a fine of £68,000 (75,000 Euros) on Telefónica Móviles España, S.A.U. for a violation of Article 6(1) of the General Data Protection Regulation (GDPR).
In particular, the EDPB noted that Telefónica Móvile had unlawfully processed the claimant’s personal data by charging them several invoices corresponding to a third person and that the AEPD considered that Telefónica Móviles violated Article 6(1) of the GDPR by processing the claimant’s personal data without any lawful basis, and consequently the fine.
Read more here
Norwegian DPA imposes administrative fine of £64,652 to Østfold HF Hospital
The Norwegian Data Protection Authority has decided on a fine of £64,652 (NOK 750,000) to Østfold HF Hospital. The background is that during the period 2013-2019, the hospital stored report extracts from patient records outside the safe zone. The case started with a notice of personal data breach from the hospital.
Read more here
GDPR fine of £17,953 for unlawful video surveillance
GDPR violation fine for unlawful video surveillance in an LSS housing project has been imposed of about £17,953 (SEK 200,000).
The Swedish Data Protection Authority received a complaint from a relative of a resident of a residential care home for persons with certain functional impairments in Gnosjö municipality, claiming that the resident was being monitored illegally. The Authority initiated an audit of the LSS housing and found the breach in the complainant’s bedroom. This was a direct violation of the Swedish Video Surveillance Act.
“The resident has been monitored in the most private sphere of the home, which led to a severe and unjustifiable interference with the residents’ right to privacy” says Jeanette Bladh Gustafson, lawyer at the Swedish Data Protection Authority’s unit for video surveillance.
Read more here
Complimentary Brexit privacy compliance consultation
Seers is offering 30-minute free consultation with our leading Privacy Expert to help you prepare for Brexit and become compliant with data privacy regulations. You can use this free consultation to reduce any chances of litigation, fines and reputational damage by identifying any key gaps/ risks and implementing strategies to mitigate these risks and any potential threats to the bare minimum. This consultation could cover areas such as: data sharing agreements, data transfer strategy, UK/ EU Representative and more.
Book your free 30-minute Brexit privacy compliance consultation now!
