Data Protection Weekly 6/2022

Feb 14, 2022

European Union

IAB Europe releases FAQs on Belgian DPA’s decision on its Transparency and Consent Framework

The IAB Europe published, on 9 February 2022, FAQs’ on the Belgian DPA decision regarding the compliance of its Transparency & Consent Framework with the GDPR.

The FAQs address questions, such as:

  • Are TCF participants at risk towards their local data protection authority?
  • Are TCF consent management platforms pop-ups illegal?
  • Should all data collected via the TCF be deleted?

You can read the press release here and the FAQs here.


National Authorities

Germany: LfDI Baden-Württemberg publishes 2021 activity report

The LfDI Baden-Württemberg published, on 9 February 2022, its activity report for 2021.

The LfDI Baden-Württemberg mainly focused its activity during the past year to advise ministries, companies, and the public on data protection issues relating to the COVID-19.

In its report, the LfDI Baden-Württemberg noted the significant increase in data breach reports (increase by more than 25%) and outlined that it had again received a lot of complaints in 2021.

The LfDI Baden-Württemberg noted that it had received less direct requests for advice.

According to the LfDI Baden-Württemberg, the year 2021 has shown an increase of the number of cyberattacks on authorities and companies. For the LfDI Baden-Württemberg, it is crucial that authorities and companies expand their efforts to improve IT security.

You can read the activity report here, only available in German.

Germany: Berlin Commissioner publishes teaching materials for schools

The Berlin Commissioner announced, on 8 February 2022, that it had published new teaching materials for primary schools on the subjects of data protection and security on the internet.

The teaching materials comprise of five different lessons where students learn what personal data is, what rights they have, and what needs to be considered when teaching online.

You can access the teaching materials here, only available in German.


France: CNIL launches consultation on GDPR awareness  draft guide for trade unions

The CNIL announced, on 8 February 2022, that it had launched a public consultation on a new GDPR awareness guide for trade unions. The draft guide aims to clarify identified difficulties in the application of data protection rules, with an overview of key terms and rules. It also includes 12 thematic fact sheets covering the application of key principles.

You can read the draft guide here, only available in French.



France: CNIL finds use of Google Analytics non-compliant with Chapter V of GDPR and orders website manager to comply

The CNIL announced, on 10 February 2022, that it had issued an order against an unnamed French website manager to comply with Chapter V of the GDPR, having found that transfers of personal data to the US carried out via Google Analytics were non-compliant with Article 44 of the GDPR, in light of the the CJEU Schrems II decision.

In its decision, the CNIL outlined that although Google had adopted additional measures to regulate data transfers in the context of the Google Analytics functionality, these were not sufficient to exclude the accessibility of this data for US intelligence services.

As a consequence, CNIL ordered the website manager to bring its processing into compliance with the GDPR, if necessary by ceasing to use Google Analytics (under the current conditions) or by using a tool that does not involve a transfer of personal data outside the EU.

The website manager has one month to comply.

You can read the press release here.