European data retention rules for telcom companies are fragmented and should be addressed by the EU during its regulatory simplification push, the GSM Association and ConnectEurope said in comments posted this week. They were responding to a European Commission consultation on data retention by service providers for criminal proceedings.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
Ireland tapped Niamh Sweeney, a former Meta executive, as a commissioner on the country’s Data Protection Commission. The appointment brought quick reaction from critics who said Ireland had bowed to pressure from U.S. big tech to the detriment of GDPR protections.
While both the EU and U.K. use legitimate interest as a basis for processing personal data, the U.K. Data Use and Access Act (DUAA) has introduced "something interesting" -- a more flexible standard that can reduce administrative burden in some cases, said Daniel Vinerean, managing director of law firm David and Baias, during a webinar Thursday.
The Swedish Data Protection Authority (DPA) responded Wednesday to what it said were "many questions" about how data controllers should handle situations where cyberattacks on data have led to publication of personal data on the dark web.
The European Data Protection Board (EDPB) guidelines published Friday marked its first advice on the interplay between the General Data Protection Regulation (GDPR) and Europe's new digital laws, it said.
The Hamburg Commissioner for Data Protection and Freedom of Information Wednesday unveiled a draft discussion paper aimed at building a bridge between the General Data Protection Regulation and the EU AI Act.
The variety in privacy laws and standards give companies some flexibility in how consent banners are displayed on their websites, said panelists during an IAPP webinar Tuesday. But they cautioned that teams throughout an organization must understand how trackers operate on the site and what data is collected.
Europe's public interest and digital sectors dueled over the European Commission's plans to reduce regulatory burdens, including the General Data Protection Regulation (GDPR), in documents published Tuesday.
Data minimization is an evolving regulatory landscape that is garnering increased awareness lately as trust and transparency become more of a focus for organizations and data breaches highlight the impact of having extra data, said panelists during a webinar hosted by compliance vendor TrustArc on Thursday.
The EU General Court threw out a challenge to the EU-U.S. Data Privacy Framework (DPF) on Wednesday, confirming that the U.S. adequately protects Europeans' personal data and that trans-Atlantic data flows can continue.