Updated guide for developers and 30 new cookie notices announced by CNIL
A revised guide to the EU General Data Protection Regulation (GDPR) for web and app developers was published by the Commission nationale de l’informatique et des libertés (CNIL), France’s data protection authority. The updates focused on provisions regarding third-party cookies, other trackers, and audience measurement technologies. CNIL announced 60 cookie compliance notices and 30 new orders to organizations for not providing the option to refuse cookies as quickly as accepting them. Their inspection found cookies subject to consent unknowingly put in place with no user consent, with these are non-compliant information banners with cookies even with the rejection from users.
Grindr receives a lowered penalty for GDPR violations
Datatilsynet, the data protection authority (DPA) of Norway, issues its final decision penalizing the dating app Grindr with NOK 65 million for violation of the EU General Data Protection Regulation (GDPR). The penalty was reduced from the original NOK 106.4 million issued against the app last January. The penalty was reduced since Grindr provided more info to Datatilsynet, while the DPA was investigating the app for violations. The app still needs to delete personal data that was processed that violated the GDPR.
Source: IAPP, Datatilsynet, IAPP
Digital Services Act endorsed by committee in EU Parliament
The Internal Market and Consumer Protection Committee of the European Parliament voted 36-7 in favor of the Digital Services Act (DSA). Additional packages of amendments, that include provisions for further transparency on targeted advertising practices and restriction on alleged “dark patterns.” Regarding the DSA, the EU is “democratically reclaiming our online environment,” said Christel Schaldemose, Danish Member of Parliament, she also added the legislation is “bringing EU technology regulation into the 21st century.” In January 2022, the European Parliament Plenary will vote on the amendments, if approved the EP will start the consultations together with the Council of the European Union.
Source: IAPP, European Parliament
EDPB will deliberate Article 58 of the GDPR and more
Plans for its 58th plenary session were announced by the European Data Protection Board (EDPB). This will include talks on supervisory authorities that used the EU General Data Protection Regulation’s Article 58 “as a legal basis to order ex officio the erasure of unlawfully processed personal data.” Also part of the discussion is the guidelines on data breach notification and evaluation of the law enforcement orders on the use of personal data by the law enforcement authorities.