SypherPrivacyTalks - October 2024 - Week 43
by Sypher | Published in News - October 21, 2024
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
EDPB adopts guidelines on scope of ePrivacy Directive
📜 The European Data Protection Board (EDPB) recently adopted Guidelines 2/2023 on the technical scope of Article 5(3) of the ePrivacy Directive, following a public consultation. The Guidelines clarify how Article 5(3) applies to various tracking technologies beyond cookies. They build on previous opinions and aim to provide clarity on the technical scope of the Directive.
The Guidelines focus on three key areas: operations involving 'information', interactions with 'terminal equipment' and activities involving 'access to' or 'storage of' information. They also address use cases such as non-cookie tracking technologies, reflecting the evolving digital landscape… read more
Another view on this on Lexology, provided by Bristows LLP.
CPCA and ICO begin development of world’s first regulator-approved privacy certification for digital advertising
🎯 The Coalition for Privacy Compliance in Advertising (CPCA) has announced that it is working with the UK's Information Commissioner's Office (ICO) to create the world's first regulator-approved privacy certification for digital advertising technology.
This initiative aims to provide clear guidance on the application of the UK's General Data Protection Regulation (GDPR) to digital advertising, increasing regulatory transparency and minimising uncertainty in the market… read more
EU court ruling considers how GDPR applies to social media networks’ personalised ads
pinsentmasons.com • 3 min read
🧑⚖️ A recent ruling by the Court of Justice of the European Union (CJEU) clarified that social media platforms, such as Facebook, cannot use personal data collected outside of their platforms for targeted advertising without restrictions on data type or storage time.
The ruling emphasised the need for proportionate and transparent processing in line with GDPR guidelines, particularly when dealing with sensitive data. The case, initiated by privacy advocate Max Schrems, will now be referred back to the Austrian Supreme Court for further assessment based on these principles… read more
Ireland: General Scheme for the National Cyber Security Bill
🛡️ This article by A&L Goodbody discusses the incident reporting requirements for entities under Head 15 of the General Scheme of the National Cyber Security Act in Ireland, which is aligned with Article 23 of the EU's NIS2 Directive.
Scope entities must notify the National Cyber Security Centre (NCSC) of significant incidents that impact service delivery, following a staged reporting process: an early warning within 24 hours, a detailed incident report within 72 hours, and a final report within one month.
The article also highlights the overlap between NIS2 and other regulations, and advises organisations to prepare for multiple reporting requirements and potential regulatory scrutiny… read more
A view from Brussels: The EU acronym soup just got a few more spices in it
📢 The article covers key updates to legacy legislation such as NIS2, the Cyber Resilience Act (CRA) and the revised Product Liability Directive (PLD2) as they are implemented.
NIS2 improves cybersecurity for critical sectors, the CRA focuses on secure digital products and supply chain security, and PLD2 updates liability rules for digital products, including AI.
Only a couple of Member States met the 17 October deadline for implementing NIS2… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Christian Lue on Unsplash
