Data Protection Weekly 23/2022

Jun 10, 2022

European Union

Data Governance Act published in the official journal of the European Union

The Data Governance Act was published on 6 June 2022, in the Official Journal of the European Union.

You can read the final text, here.

 Case C154/21RW v Österreichische Post AGOpinion of Advocate General Pitruzzella on the extent of article 15 (1) (c) GDPR

According to Advocate General Pitruzella, « Article 15(1)(c) of Regulation (EU) 2016/679 of the GDPR must be interpreted as meaning that the data subject’s right of access, provided for therein, must necessarily extend, where the data subject so requests, to the identification of the specific recipients to whom his or her personal data are disclosed. That right of access may be restricted to an indication of the categories of recipient where it is materially impossible to identify the specific recipients to whom the personal data of the data subject are disclosed or where the data controller demonstrates that the data subject’s requests are manifestly unfounded or excessive, within the meaning of Article 12(5) of Regulation 2016/679. »

You can read the Opinion of Advocate General Pitruzzella, delivered on 9 June 2022, here.

 

National Authorities

Germany: Bavarian SA publishes a guide on risk analysis and DPIA

The BayLfD published a guide on risk analysis and DPIA addressed to Bavarian public bodies.

The guide presents the method and building blocks of a data protection risk analysis, explains the development of technical and organizational measures and provides practical tips for carrying out risk analyses.

The BayLfD  also made available tools and modules to perform the risk analysis and DPIA.

The modules are the following :

  • Module 1 : Description of a processing activity
  • Module 2 : DPIA necessity test
  • Module 3 : DPIA report for a processing activity
  • Module 4 : Resources “IT personnel management system”
  • Module 5 : “Video conferencing system” equipment
  • Module 6 : “Display workstation” resources

You can read the guide, only available in German, here

France: CNIL publishes Q&A for data transfers with Google Analytics

The CNIL published, on 7 june 2022, a Q&A dedicated to its compliance notices issued to companies over data transfers carried out through Google Analytic. 

The Q&A explains aspects of the notices, which include a 30-day compliance period as well as an explanation of the CNIL’s view on lawful and unlawful uses of Google Analytics.

You can read the Q&A, only available in French, here.

 

 

 

Latest Publications

CEDPO opinion on Guidelines 01/2022 (March 11, 2022)
CEDPO comments on Guidelines 05/2021 (February 14, 2021)

 

 

 

Site Search