European Union
Data Governance Act published in the official journal of the European Union
The Data Governance Act was published on 6 June 2022, in the Official Journal of the European Union.
You can read the final text, here.
Case C‑154/21 –RW v Österreichische Post AG – Opinion of Advocate General Pitruzzella on the extent of article 15 (1) (c) GDPR
According to Advocate General Pitruzella, « Article 15(1)(c) of Regulation (EU) 2016/679 of the GDPR must be interpreted as meaning that the data subject’s right of access, provided for therein, must necessarily extend, where the data subject so requests, to the identification of the specific recipients to whom his or her personal data are disclosed. That right of access may be restricted to an indication of the categories of recipient where it is materially impossible to identify the specific recipients to whom the personal data of the data subject are disclosed or where the data controller demonstrates that the data subject’s requests are manifestly unfounded or excessive, within the meaning of Article 12(5) of Regulation 2016/679. »
You can read the Opinion of Advocate General Pitruzzella, delivered on 9 June 2022, here.
National Authorities
Germany: Bavarian SA publishes a guide on risk analysis and DPIA
The BayLfD published a guide on risk analysis and DPIA addressed to Bavarian public bodies.
The guide presents the method and building blocks of a data protection risk analysis, explains the development of technical and organizational measures and provides practical tips for carrying out risk analyses.
The BayLfD also made available tools and modules to perform the risk analysis and DPIA.
The modules are the following :
- Module 1 : Description of a processing activity
- Module 2 : DPIA necessity test
- Module 3 : DPIA report for a processing activity
- Module 4 : Resources “IT personnel management system”
- Module 5 : “Video conferencing system” equipment
- Module 6 : “Display workstation” resources
You can read the guide, only available in German, here
France: CNIL publishes Q&A for data transfers with Google Analytics
The CNIL published, on 7 june 2022, a Q&A dedicated to its compliance notices issued to companies over data transfers carried out through Google Analytic.
The Q&A explains aspects of the notices, which include a 30-day compliance period as well as an explanation of the CNIL’s view on lawful and unlawful uses of Google Analytics.
You can read the Q&A, only available in French, here.