Privacy News 3/12/2021

Dec 6, 2021

European Union

Council and Parliament reach agreement on Data Governance Act

The Council of the European Union announced, on 30 November 2021, that it had reached a provisional agreement with the European Parliament on the DGA.

The provisional agreement is subject to approval by the Council, and will be submitted to the Council’s Permanent Representatives Committee for endorsement.

You can read the press release here.


Council proposes amendments to draft AI Act

The Slovenian Presidency of the Council of the European Union published, on 29 November 2021, its compromise text on the Proposal for a AI Act.

The changes introduced by the Council are related to:

  • The scope of the AI Act
  • The definitions
  • The prohibited AI practices

‘Personal data’ within the meaning of the AI Act should be intended as personal data defined under the GDPR

The compromise text also seeks to remove AI systems used for national security purposes from the scope of the AI Act and to extend the prohibition of using AI for social scoring to private actors.

You can read the compromise text here.


National Authorities

CNIL publishes guidance for use of multi-factor authentication online

The CNIL published, on 1 December 2021, guidance on the use of multi-factor authentication online.

The guidance describes what multi-factor authentication consists of and recommends that it should be chosen by users at all instances where it is offered by an online service providers.

The CNIL also recalls that banquet and payment services providers are required to implement multi-factor authentication for the majority of online payments, remote access to bank accounts, and for any such operation of a sensitive nature.

You can read the guidance, only available in French, here.