Weekly Privacy News Update – Episode 25

EU-US data flow agreement welcomed by the EDPB

The European Data Protection Board (EDPB) released a statement welcoming the recently announced US-EU Trans-Atlantic Data Privacy Framework. In the statement, EDPB Chair Andrea Jelinek lauded US efforts to protect the personal data of European Economic Area (EEA) individuals. However, she emphasized that the announcement does not equate to a new legal framework, and that the EDPB plans to carefully review several aspects of the new framework, including details on data collection for national security purposes and how the US will deal with EEA individuals’ rights to “an effective remedy and to a fair trial.”

Source: IAPP, EDPB

Data Governance Act passed

The European Parliament approved the Data Governance Act (DGA) on April 6, 2022. The law seeks to expand safe data sharing, enabling companies and startups to obtain access to more data. Supporters of the legislation hope that it will encourage innovation and new product development and benefit individual consumers. Angelika Niebler, a German member of the European Parliament, said, “The possibilities are virtually limitless” when it comes to potential consumer benefits, though she added that “The neutrality of the data intermediation services is key.” The DGA still needs to be adopted by EU countries in the council before becoming a law.

Source: IAPP, European Parliament

Google and YouTube’s consent banners fail Hamburg’s data protection requirements

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has advised Google that its consent banner failed to meet its data protection requirements. The consent banner made giving consent easier and more accessible than rejection, which is unacceptable under several data protection regulations. French supervisory authority Commission nationale de l’informatique et des libertés (CNIL) fined Google in 2021 for the same issue. Hamburg Commissioner for Data Protection and Freedom of Information Thomas Fuchs said that Google is willing to implement the appropriate changes and that “Overall, a ‘reject all button’ must now become the standard for cookie banners.”

Source: IAPP, HmbBfDI

A spotlight on First-party data

Tech giants Google and Apple are distancing themselves from third-party tracking and moving towards first-party tracking, which relies on user consent to collect data. First-party tracking allows companies to collect data on consumers while they are on the company’s website or using the company’s app. Third-party tracking, which is losing favor due to privacy concerns, involves tracking consumers even as they go to other websites or apps. This switch to first-party tracking also has implications for small businesses that rely on targeted tracking for advertising, as it may be necessary for them to move towards working with large companies that gather first-party tracking data.

Source: IAPP, The New York Times


Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources