Weekly Privacy News Update – Episode 19

FEB 21 FEATURED IMAGE article.psd

Irish DPC to potentially suspend Facebook data transfers

Ireland’s Data Protection Commission (DPC) will potentially suspend Facebook’s data transfers between the EU and the US. Meta, Facebook’s parent company has 28 days to respond to the preliminary decision, after which it will be presented to the European Data Protection Board (EDPB) members under Article 60 of the EU General Data Protection Regulation (GDPR). The ruling could impact thousands of businesses that rely on the same transfer mechanisms to transfer data between the US and the EU. Meta said that the decision “would be damaging” to “millions of people, charities and businesses” who rely on Meta’s services. They also emphasized the need for a “long-term solution on EU-US data transfers.”

Source: IAPP, Irish Times

Civil groups say individuals should have the right to sue US tech companies under EU rules

A coalition of civil groups and academics called on EU lawmakers to give individuals the right to sue US companies that violate the Digital Markets Act (DMA). EU lawmakers are finalizing the DMA, which will target large digital platforms operating in the EU, including Apple, Google, Facebook, Amazon, and Microsoft. The draft DMA aims to create a fairer business environment by establishing new rules for these “gatekeeper” companies. The current draft allows business users to sue, but not individuals.

Source: IAPP, Reuters

Data Act draft published by European Commission

The European Commission published their draft Data Act on February 23, 2022, which will regulate the use and access of data generated in the EU. The draft legislation has provisions on sharing data, conditions for access by public bodies, international data transfers, cloud switching, and interoperability. The European Commission’s press release said that the act “will ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all.”

Source: IAPP, European Commission

CPRA regulations run into delays

The California Privacy Protection Agency (CPPA) is behind schedule on rulemaking for the California Privacy Rights Act (CPRA). The Agency continues to face hurdles in hiring staff and starting operations. CPRA enforcement is scheduled to begin on July 1, 2023, but a formal extension of the deadline could be possible. Informational hearings on CPRA rulemaking will be held in March and April 2022. The CPRA will amend and expand the 2018 California Consumer Privacy Act (CPPA).

Source: Compliance Week, JD Supra

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources