TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe, 4 Oct. 2019 Related reading: Garante alleges OpenAI's ChatGPT violated GDPR



Greetings from the Nordics,

The past weeks have been very interesting because of several judgments from the Court of Justice of the European Union. This week, the CJEU gave its judgement in the “Planet49” case, in which the court said that explicit and specific consent is required to accept cookies and a pre-ticked check box is not sufficient. Also, cookie providers must inform users of certain things, such as how long the data will be processed and if the third parties can access the data. However, the judgment is silent on one vital issue: Can a service provider require that a user gives consent as if in “payment” for the use of the service? It will be interesting to see the judgement’s practical impacts on the websites and the use of cookies.

I believe that we will be discussing this judgement for some time.

Data protection authorities in the Nordics have for years worked in close cooperation in sharing information and experiences, as well as discussed joint strategies in enforcement. Within the past year, they have also been fairly active with enforcement actions, audits and local guidance. The Nordic DPAs met in Stockholm, Sweden, in May 2019 and agreed on certain steps for their co-operation. These include:

  1. The Nordic DPAs continue contributing to the European Data Protection Board’s work in order to guarantee a harmonized application of the GDPR.
  2. All DPAs have carried out a DPO audit, and the results will be published at the next joint meeting.
  3. The DPAs recognized the importance of accountability and agreed to support DPOs in their tasks to ensure compliance with the GDPR.

I believe we can expect to see joint operations and audits conducted by all the Nordic DPAs in which they use similar and efficient methodologies that have already been tested by one or some of them. The DPAs published a Swedish declaration of their meeting in Stockholm.

Finland started its Presidency of the Council of the EU 1 July 2019. One of the priorities in the program is to make the EU more competitive and socially inclusive. One key requirement for growth is a comprehensive single market that is among the world’s largest economies. It includes 500 million consumers and 21 million SMEs. Digitalization generates business opportunities for different sectors, such as health and mobility. Finland’s Presidency Program states that the data economy provides the basis for developing digital services, digital business and new technologies, such as AI. In order to promote the availability, interoperability and use of data, we also need to respect the rights and privacy of individuals. 

This means that we as privacy professionals are in the key roles in different sectors to make sure that new services and business models comply with the relevant regulation and respect rights of the individuals. I know we are ready for this task — all privacy pros, let’s do our share of the work!


If you want to comment on this post, you need to login.