SypherPrivacyTalks - April 2024 - Week 17
by Sypher - April 24, 2024
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
Rounding up five recent CJEU cases on GDPR compensation
insideprivacy.com • 7 min read
π©βοΈ This article by Covington's Data Privacy and Cybersecurity Practice discusses five recent rulings by the European Court of Justice ("CJEU"). The rulings provide clarity on the scope of an individual's right to claim compensation for "material and non-material damage" under Article 82 of the GDPR.
These decisions will also inform businesses' exposure to compensation claims, particularly in the context of the EU's Collective Redress Directive. Questions remain as to the level of compensation that courts will offer in these cases… read more
EDPB opinion: Meta cannot rely on "Pay or Okay"
π The European Data Protection Board (EDPB) issued its first 'Pay or Okay' decision in relation to major online platforms such as Instagram and Facebook.
This decision prohibits Meta from using an unlawful consent request to process personal data. Meta now appears to have now run out of options to continue using people's data for advertising in the EU without a consent mechanism that complies with the law.
The EDPB also mentioned the possibility of introducing a third option beyond "pay or OK", which has so far been largely ignored by the industry… read more
How does the American privacy rights act protect children?
techpolicy.press • 2 min read
πΈ While the draft American Privacy Rights Act (APRA) does not contain as many provisions related to minors as the previously proposed comprehensive data protection law, the bill does contain some details that would affect the use of minors' data.
These include the definition of a covered minor, the sensitive data covered, and more technical issues such as algorithmic harm assessments... read more
NIS2 implementation enters the final stretch – six months to deadline
insideprivacy.com • 2 min read
β³In six months' time, on 17 October 2024, member state laws implementing the EU's revised Network and Information Systems Directive ("NIS2") will come into force.
NIS2 significantly expands the categories of organisations that fall within the scope of EU cybersecurity legislation.
This new, cross-sector legislation imposes additional and more detailed security and incident reporting requirements, enhanced governance requirements applicable to the "management bodies" of organisations, and creates a stricter enforcement regime… read more
DPC Ireland launches coordinated enforcement action on right of access
π’ Ireland’s Data Protection Commission (DPC) has announced its participation in the European Data Protection Board's 2024 Coordinated Enforcement Framework (CEF).
The CEF is a pan-European initiative whereby the European Data Protection Board (EDPB) prioritises a specific aspect of data protection law and then works with other data protection authorities to ensure that the selected aspect is adequately enforced.
The 2024 initiative is centred on the right of access. To date, 31 supervisory authorities in the European Economic Area have announced their participation in the CEF… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
