Weekly Privacy News Update – Episode 11

Updated guide for developers and 30 new cookie notices announced by CNIL

A revised guide to the EU General Data Protection Regulation (GDPR) for web and app developers was published by the Commission nationale de l’informatique et des libertés (CNIL), France’s data protection authority. The updates focused on provisions regarding third-party cookies, other trackers, and audience measurement technologies. CNIL announced 60 cookie compliance notices and 30 new orders to organizations for not providing the option to refuse cookies as quickly as accepting them. Their inspection found cookies subject to consent unknowingly put in place with no user consent, with these are non-compliant information banners with cookies even with the rejection from users.

Source: IAPP,  CNIL

Grindr receives a lowered penalty for GDPR violations

Datatilsynet, the data protection authority (DPA) of Norway, issues its final decision penalizing the dating app Grindr with NOK 65 million for violation of the EU General Data Protection Regulation (GDPR). The penalty was reduced from the original NOK 106.4 million issued against the app last January. The penalty was reduced since Grindr provided more info to Datatilsynet, while the DPA was investigating the app for violations. The app still needs to delete personal data that was processed that violated the GDPR.

Source: IAPPDatatilsynet, IAPP

Digital Services Act endorsed by committee in EU Parliament

The Internal Market and Consumer Protection Committee of the European Parliament voted 36-7 in favor of the Digital Services Act (DSA). Additional packages of amendments, that include provisions for further transparency on targeted advertising practices and restriction on alleged “dark patterns.” Regarding the DSA, the EU is “democratically reclaiming our online environment,” said Christel Schaldemose, Danish Member of Parliament, she also added the legislation is “bringing EU technology regulation into the 21st century.” In January 2022, the European Parliament Plenary will vote on the amendments, if approved the EP will start the consultations together with the Council of the European Union.

Source: IAPP, European Parliament

EDPB will deliberate Article 58 of the GDPR and more

Plans for its 58th plenary session were announced by the European Data Protection Board (EDPB). This will include talks on supervisory authorities that used the EU General Data Protection Regulation’s Article 58 “as a legal basis to order ex officio the erasure of unlawfully processed personal data.” Also part of the discussion is the guidelines on data breach notification and evaluation of the law enforcement orders on the use of personal data by the law enforcement authorities.

Source: IAPP, EDPB


Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources