Irish DPC to potentially suspend Facebook data transfers
Ireland’s Data Protection Commission (DPC) will potentially suspend Facebook’s data transfers between the EU and the US. Meta, Facebook’s parent company has 28 days to respond to the preliminary decision, after which it will be presented to the European Data Protection Board (EDPB) members under Article 60 of the EU General Data Protection Regulation (GDPR). The ruling could impact thousands of businesses that rely on the same transfer mechanisms to transfer data between the US and the EU. Meta said that the decision “would be damaging” to “millions of people, charities and businesses” who rely on Meta’s services. They also emphasized the need for a “long-term solution on EU-US data transfers.”
Civil groups say individuals should have the right to sue US tech companies under EU rules
A coalition of civil groups and academics called on EU lawmakers to give individuals the right to sue US companies that violate the Digital Markets Act (DMA). EU lawmakers are finalizing the DMA, which will target large digital platforms operating in the EU, including Apple, Google, Facebook, Amazon, and Microsoft. The draft DMA aims to create a fairer business environment by establishing new rules for these “gatekeeper” companies. The current draft allows business users to sue, but not individuals.
Data Act draft published by European Commission
The European Commission published their draft Data Act on February 23, 2022, which will regulate the use and access of data generated in the EU. The draft legislation has provisions on sharing data, conditions for access by public bodies, international data transfers, cloud switching, and interoperability. The European Commission’s press release said that the act “will ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all.”
CPRA regulations run into delays
The California Privacy Protection Agency (CPPA) is behind schedule on rulemaking for the California Privacy Rights Act (CPRA). The Agency continues to face hurdles in hiring staff and starting operations. CPRA enforcement is scheduled to begin on July 1, 2023, but a formal extension of the deadline could be possible. Informational hearings on CPRA rulemaking will be held in March and April 2022. The CPRA will amend and expand the 2018 California Consumer Privacy Act (CPPA).