Privacy In Focus | April

April 1, 2022

by Leanna Cofano

We bring you a round up of articles and updates sourced from national data commissioners and leading privacy organisations.


IAPP: The sun came out just in time for London to host this years IAPP Conference – Data Protection Intensive: UK 2022.

Ito Onojeghuo, AllNet Law’s Head of Data Protection was glad to attend the summit, of which the theme revolved around ‘Walking the Fine Line of Change in 2022’. The programme explored a wide range of U.K.-oriented operational and governance issues, including international data transfers, AdTech’s evolution, ransomware attacks, and the influence of the U.K. Children’s Code.

Delegates enjoyed workshops by many insightful speakers on interesting topics such as that from Author, Artist and Professor Pragya Agarwal, who is a behavioural and data scientist consulting on Inclusive Workplaces, Reproductive Justice, AI & bias. She had us considering aspects of unconscious bias, inclusion and anti-racism. Further more John Edwards delivered his first speech as the Information Commissioner; see the video and transcript here to find out more about his vision for the IAPP going forward.

DPC: Check that you know your obligations as a Data controller in the private or public sector-

Find out more

EC: The European Commission urges Member States to act on ‘golden passports’ and ‘golden residence permits’ schemes, and to take immediate steps in the context of the Russian invasion of Ukraine.

Read more

ICO: The Information Commissioner’s Office has issued a fine to H&L Business Consulting Ltd £80,000 for texting out hundreds of thousands of text messages to the public even though they had not consented to receiving these.

Read more

UK: Whistle blowers and Freedom of information data has shed light on government handling of claims relating to disability. Read more here

This comes as The Guardian newspaper states that Freedom of Information Laws are being undermined and notes the government obstructing some requests. Read more here

Ireland: Social video platform Tik-Tok will open its long-planned European data centre in Ireland early next year, in an investment believed to be worth about €600 million.

Read more

Global: Tech giants including Google Cloud, Accenture, Confluent, Databricks, Dataiku, Deloitte, Elastic, Fivetran, MongoDB, Neo4j, Redis and Starburst have launched a Data Cloud Alliance, with a mission to “make data more portable and accessible across disparate business systems, platforms, and environments—with a goal of ensuring that access to data is never a barrier to digital transformation.”

Read more

EDPB: Following the Trans-Atlantic Data Privacy Framework announcement, an interesting viewpoint to delve into the particulars.

Read more

UK: ICO has written an interesting blog regarding the protecting children online taking into account the viewpoint of the little ones.

Read more

Italy: The National Institute for Social Security (Institute national Della previdenza sociale) had received the highest fine ‘public administration’ which is now being annulled.

Read more

China: IAPP’s ‘Top-5 Operational Impacts of China’s PIPL’ is now available in full regarding China’s Personal Information Protection Law, or PIPL, enacted Nov. 1, 2021.

Read more

CNIL: See below for the recently published a handy guide for appointing and supporting DPOs.

Read more

EDPS: EDPS published its Annual Report 2021 -Annual Report 2021: An efficient administration respects the rule of law.

The report highlights the EDPS’ achievements regarding European Union institutions’ (EU institutions) compliance with the data protection framework. The Report also underscores the EDPS’ increasing role in advocating for the respect of privacy and data protection in EU legislation.

See the executive summary report below

Read more

Europe: European Parliament announced the inaugural meeting of an inquiry committee dedicated to investigating the potential use of NSO Group’s Pegasus spyware software on and by EU member states.

Read more

Spain: Spanish authorities discuss the dissemination of videos with violent content on social networks and reporting where appropriate as the publication of these contents on social networks without blurring those who appear in them amplifies and perpetuates the humiliation of the victim and supposes in any case a processing of personal data without consent

The Spanish Agency for Data Protection has a Priority channel to request the removal of sexual or violent content published on the Internet without the permission of the persons appearing on them, in particular in cases of harassment of minors or sexual violence against women but also in situations of digital violence of all kinds.

Read more

DPC: The Data Protection Commission (DPC) has published a statistical report on the DPC’s handling of cross-border complaints under the GDPR’s One-Stop-Shop (OSS) mechanism.

Read more

Europe: EU readies ground-breaking law to force tech giants to clean up their platforms. This piece suggests that the UK is likely to follow plans for the biggest overhaul in 20 years of European policy towards the internet, considering the mirroring of EU regulations on tech since Brexit.

Read more

Global: IAPP has covered the story the establishment of the Global Cross-Border Privacy Rules Forum of the US along with Canada, Japan, the Republic of Korea, the Philippines, Singapore and Chinese Taipeias found here

Alternatively See US Department of Commerce direct information page:

Read more

ICO: The ICO have compiled a comprehensive Children’s Code Hub and advancements have been made in California.

The world-leading #ChildrensCode which sets out how online services that are likely to be accessed by children should be designed with protecting children in mind. It shows a real desire to move beyond protecting children from the digital world, but instead protect them within it.

The digital world is borderless, so it is important that the code gains recognition worldwide with more countries using it as a blueprint for their own laws and regulations. This will enable stronger digital protections for children around the world.

Very recently, the California Age-Appropriate Design Code Act passed the first committee stage on the path to becoming Californian law. This bill looks to introduce a design code in California (including Silicon Valley) that is inspired by the ICO’s Children Code.

ICO say they have been working behind the scenes with colleagues around the world to fly the flag for a consistent worldwide approach to designing online services with child protection built in.

As Jordan Cunningham, one of the Californian Assembley-man, said ‘the code “has already led to significant changes that are keeping the kids in the UK safer, and we need that in California, we need that in America”.

John Edwards, UK Information Commissioner, said: “The moves being made in California to follow in the footsteps of the ICO’s Children’s code speaks to the influence and leadership the UK has in the digital economy. A Californian law will further increase the protections that children have online, and continue a global trend towards sensible and practical regulation that keeps children safe to enjoy the benefits of the digital world.”

Access the hub here