13 January 2021 – EU supervisory authorities response to UK cross-border transfers
Following the finalisation of the TCA, a number of supervisory authorities in the EU issued statements in response. In addition, on 13 January 2021, the European Data Protection Board (
EDPB) issued updated versions of its Brexit information note and statement. The amendments in both documents reflect the provisions of the TCA allowing free flow of personal data from the EU and EEA countries to the UK during a period of six months during which the European Commission is expected to adopt an adequacy decision in relation to the UK.
The information note is available here and statement here.
Thursday, January 28, 2021
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021.
COVID-19 privacy and security considerations.
During 2020, COVID-19 presented organizations large and small with new and unique data privacy and security considerations. Most organizations, particularly in their capacity as employers, needed to adopt COVID-19 screening and testing measures resulting in the collection of medical and other personal information from employees and others. This will continue in 2021 with the addition of vaccination programs. So, for 2021, ongoing vigilance will be needed to maintain the confidential and secure collection, storage, disclosure, and transmission of medical and COVID-19 related data that may now include tracking data related to vaccinations or the side effects of vaccines.
Data protection landscape more uncertain than last year, survey finds
Brexit, remote working and the Schrems II ruling are the top three concerns in terms of data protection for Irish businesses, according to a new survey.
In May of this year, GDPR will have been officially in effect for three years. In that time, a variety of data protection investigations, fines and breaches have been in the headlines and data protection came to the forefront of business concerns.
However, while plenty of businesses have stepped up their actions in the data protection and privacy space, the ever-changing landscape has caused many leaders to worry about ensuring maximum protection when it comes to the data their companies hold.
The privacy regulator found that Grindr violated article 58 of the General Data Protection Regulation by: Having disclosed personal data to third party advertisers without a legal basis ; Having disclosed special category personal data to third party advertisers without a valid exemption from the prohibition in article 9(1) GDPR, which provides exemptions for certain types of data, none of which are for advertising purposes.
Article 58 of GDPR (Source: EUR-Lex)
A Grindr spokeswoman tells Information Security Media Group: The allegations from the Norwegian Data Protection Authority date back to 2018 and do not reflect Grindr s current privacy policy or practices. We continually enhance our privacy practices in consideration of evolving privacy laws and regulations and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority.
Facebook Inc-owned messenger WhatsApp did not clearly communicate to users changes to its privacy policy, potentially making it difficult for people to decide whether to drop the service, Italy's data protection authority said on Thursday.