In this week's global legislative roundup the European Data Protection Board adopted a statement welcoming the agreement in principle on the Trans-Atlantic Data Privacy Framework between the EU and the U.S. The EDPB also adopted a statement expressing concern that proposed legislative developments would negatively impact the Belgian Data Protection Authority and the "consistent application" of the EU General Data Protection Regulation. And, the European Parliament adopted the Data Governance Act. If approved by the Council of Member States, it will go into effect in mid-2023.
The latest
The European Data Protection Board expressed concerns about proposed legislative developments that would affect the Belgian DPA and the "the consistent application" of the GDPR.
More
ICYMI
In this piece for The Privacy Advisor, FTI Consulting's Ben Crew, CIPP/E, and Jack Fletcher, CIPP/E, break down the requirements in Saudi Arabia’s Personal Data Protection Law set to take effect March 17, 2023, and outline six steps organizations should follow to ensure compliance with the new law.
More
Enforcement
The Belgian Data Protection Authority fined Brussels Airport Zaventem and Brussels South Charleroi airport 200,000 and 100,000 euros, respectively, for conducting COVID-19 passenger temperature checks without “a valid legal basis to process these traveler health data.”
More
The Danish data protection agency, Datatilsynet, fined Danske Bank DKK 10 million kroner for not documenting personal data storage and deletion in accordance with the EU General Data Protection Regulation.
More
Reuters reports the Court of Justice of the European Union ruled against the broad retention of cellphone data by national authorities for criminal investigations.
More
The European Data Protection Board adopted a statement welcoming the agreement in principle on the Trans-Atlantic Data Privacy Framework between the EU and the U.S.
More
The European Parliament announced its vote to approve the proposed Data Governance Act.
More
The Irish Data Protection Commission imposed a 463,000 euro fine against Bank of Ireland Group for disclosing customer personal data to the Central Credit Register without authorization.
More
The Netherlands’ data protection authority, Autoriteit Persoonsgegevens, fined the Ministry of Foreign Affairs 565,000 euros for insufficient data protections within the National Visa Information System. The ministry could face additional fines of 50,000 euros every two weeks if violations are not corrected.|
More
Brazil
A proposal would amend Brazil’s General Data Protection Law and National Education Guidelines and Bases Law to enable the sharing of information from the School Census and the National Exam of Secondary Education.
More
Europe
Germany’s Federal Commissioner for Data Protection and Freedom of Information Ulrich Kelber recently delivered the annual report to the Bundestag, which stated the country had delayed implementation of the EU Data Protection Directive, Euractiv reports.
More
European Parliament announced its vote to approve the proposed Data Governance Act.
More
Euractiv reports members of European Parliament are drafting a new compromise proposal for the proposed Digital Services Act that would alter provisions around targeted advertising.
More
Privacy operations management
The ombudsman of Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados, presented its first annual management report for 2021.
More
France’s data protection authority, the Commission nationale de l'informatique et des libertés, published guidance on artificial intelligence.
More
Germany’s Federal Commissioner for Data Protection and Freedom of Information, the BfDI, published a report on the use of artificial intelligence in law enforcement and security which it states shows “a comprehensive, empirical and interdisciplinary inventory by the legislature is necessary.”
More
