National Authorities

France: Appointment of a data protection officer: assessment of the formal notices issued to 22 municipalities

The President of the CNIL closed 18 of the 22 formal notices issued on April 25, 2022 against national municipalities (local authorities) having to appoint a data protection officer. As per the GDPR (Art37) the appointment of a DPO is mandatory in certain cases, when processing of personal data is carried out by a public authority or a public body. This obligation therefore concerns all local authorities, regardless of their size. For those municipalities that have not complied with the formal notice, the president of the CNIL may initiate enforcement measures where necessary. The CNIL announcement can be seen here.

Denmark: The Danish DPA becomes the latest EU DPA to conclude that the use of Google analytic is unlawful

The Datatilsynet, the Danish Data Protection declared that the Google Analytics tool does not comply with the GDPR’s requirements for international transfers. This follows the decisions from the Austrian, French and Italian DPAs. Read the story here: https://www.datatilsynet.dk/english/google-analytics/use-of-google-analytics-for-web-analytics

UK: ICO launches second consultation for views on draft guidance on processing workers’ health information

With new technology and the effects of the pandemic, the traditional workplace has changed. Whether that’s through a rise in remote working, the use of artificial intelligence to sift and respond to job applications or the increased use of monitoring technologies. Data protection is not a barrier to the use of new technology, but it should be seen as a guide on how to use such technologies responsibly

It is critical that employers realise the impact of using such technology on the privacy of their workers. On the other hand, workers have a right to know what is happening to their information.

A link to the consultation can be found here.

Data Protection Laws

Ukraine: Draft Data Protection Law

Despite the ongoing war, the draft Data protection law has been submitted to the Ukraine parliament. See ‘Data Guidance’ article from Nov 1: https://www.dataguidance.com/news/ukraine-draft-data-protection-law-submitted-0

  Social Media

Tik Tok says staff in China can access EU user data

TikTok updated its privacy policies for European users on Tuesday, adding explicit disclosures that personal data from the app may be viewed by employees in China. The Chinese-owned social video app is updating its privacy policy to confirm that staff in countries, including China, are allowed to access user data to ensure their experience of the platform is “consistent, enjoyable and safe”.

The announcement, which TikTok said was aimed at providing greater transparency, applies to users in the European Economic Area, the UK and Switzerland — not the United States, though TikTok said it does store European users’ data in the US and in Singapore. See the announcement here.