DATA PROTECTION WEEKLY

European Union  EDPB Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority  The targeted update and this public consultation concern paragraphs 29-34 and points ii. and iii. under 2.d. of the Annex (marked in yellow in the document). Such comments on the updated parts only should be sent on 2nd December 2022 at the latest using the provided form.  This...

European Union Opinion of the Advocate General of the CJEU on the interpretation of Art. 82 GDPR in Case C-300/21  According to Advocate General Campos Sánchez-Bordona, the relevant Article 82(1) GDPR should be interpreted as follows:...

European Union DMA: Council gives final approval to new rules for fair competition online On 18 July 2022, the Council gave its final approval on new rules for a fair and competitive digital sector through the Digital Markets Act. The DMA will apply six months after it is signed by EU institutions and published in the Official Journal of the European Union. You can read the press release, here....

European Union EDPB releases opinion on EU Member States- Russia Data Transfers The EDPB published on 12 July 2022, an opinion on data transfers between EU members states and Russia. In its opinion, the EDPB reminds that following sanctions related to its invasion of Ukraine, Russia is « no longer a contracting party » to EU legal framework and therefore, data transfers with russian companies...

European Union EPRS publishes a report on opportunities, risks and policy implications of the Metaverse The EPRS published on 24 June 2022, a report dedicated to the opportunities, risks and policy implications of the Metaverse. According to the EPRS, the exact scope and impact of this immersive and constant virtual 3D world on society and the economy remains unknown, the metaverse will open up...

European Union CJEU ruling- Case C-534-20:  German provisions governing the termination of a DPO’s employment are compatible with EU law, but subject to restrictions In its judgment of 22 June 2022 (Case C-534/20), the CJEU ruled on the question whether the GDPR allows the applicability of the German provisions governing the dismissal of a DPO pursuant to the Federal Data Protection Act (BDSG)....