Data Protection Weeky 24/2022

Jun 17, 2022

European Union

EDPB adopts guidelines on certification as a tool for transfers

The EDPB adopted on 17 June 2022, guidelines on certification as a tool for transfers.

By these guidelines, the EDPB intends to provide clarification on the practical use of this transfer tool.

They are composed of 4 parts :

  • Purpose, scope and the different actors involved;
  • Implementing guidance on accreditation requirements for certification bodies;
  • Specific certification criteria for the purpose of demonstrating the existence of appropriate safeguards for transfers;
  • The binding and enforceable commitments to be implemented.

You can read the public release, here.

 

National Authorities

UK: The Data Reform Bill scrapes parts of GDPR

The UK Government has unveiled on 17 June 2022, the details behind the long-awaited proposal to replace the GDPR with more flexible and less stringent data protection legislation.

You  can read the consultation outcome, here.

 

Switzerland: FDPIC advises Suva against outsourcing data processing to Microsoft Cloud Services

In view of certain differences of legal opinion, the FDPIC is advising Suva to reconsider the decision to outsource its personal data processing to a cloud service operated by the US company Microsoft.

You can read the FDPIC decision, here only available in German.

 

France: CNIL announces Study on Geolocation Data Collection by Mobile Apps

The CNIL announced on 13 June 2022, that it had launched a study on the geolocation data collected by mobile applications.

In this objective, the CNIL intends to purchase a file from a data broker with timestamped geolocation data that features more than 5 million smartphone advertising identifiers from a one-week period in 2021.

You can read the press release, here.