Cyprus, which assumes the EU Presidency Thursday for a six-month term, said its priorities include regulatory simplification via the European Commission's proposed omnibus packages and cutting red tape. The EC's digital omnibus, published Nov. 19, includes tweaks to the GDPR, which have stirred controversy (see 2511190005).
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
U.S. attempts to pressure the EU to back off its digital rules could backfire against American tech companies, telecom consultant Innocenza Genna wrote Dec. 24 on his blog.
The new year will bring continued focus on the EU digital omnibus, GDPR reform in the U.K. and EU, AI governance, and cross-border data transfers, privacy lawyers predicted.
As retail marketing picks up speed, online advertisers and publishers are increasingly eyeing data clean rooms (DCRs) to ensure GDPR compliance, Fieldfisher data protection attorney Stephan Zimprich said in an interview last week.
French DPA CNIL fined computer systems and software designer Nexpublica France 1.7 million euros ($2 million) for failure to build sufficient security measures into a software package that resulted in data breaches, it said Wednesday.
French watchdog CNIL, which has a new role in regulating data sharing and use under the EU Data Act, set out rules of the road Monday.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
The Official Journal of the EU Monday published the grounds for French Member of Parliament Philippe Latombe's appeal of an EU General Court ruling tossing his challenge to the EU-U.S. Data Privacy Framework (DPF).
The European Commission renewed its two decisions allowing personal data flows between the EU and the U.K., it said Friday. It found that Britain's data protection legal framework is essentially equivalent to the EU's.
French data protection watchdog CNIL hit Mobius Solutions, a subcontractor that ran personalized advertising campaigns for Deezer, with a 1 million euro ($1.2 million) fine for serious GDPR violations, including failing to delete millions of people's data after ending its association with the music streaming app, it said Friday.