Privacy In Focus | March

March 3, 2022

by Leanna Cofano

We bring you a round up of articles and updates sourced from national data commissioners and leading privacy organisations.

ICO: The Information Commissioner’s Office (ICO) has issued a reprimand to the Scottish Government and NHS National Services Scotland over both organisations failure to provide people with clear information about how their personal information is being used by the NHS Scotland COVID Status app.

Find out more

CNIL: CNIL publishes a new White paper on payment data and means of payment, aiming to shed light on the main economic, legal and societal issues relating to data and means of payment, in the form of a White paper providing for perspectives, analyses and a roadmap for future work.

This White paper is intended for:

  • the general public: for a better understanding of the privacy issues relating to data and means of payment;
  • professionals: for developments on the CNIL’s points of vigilance in this area, as well as the priorities it foresees in terms of support.

Download White Paper

NCSC: Following the vulnerabilities disclosed at the end of last year regarding Apache Log4j. The National Cyber Security Centre is advising organisations to take steps to mitigate the Apache Log4j vulnerabilities.

Read more on the advice

AEPD: The Spanish Authority AEPD, approves the first sectoral code of conduct since the entry into force of the Data Protection Regulation. The code of conduct, promoted by Farmaindustria, regulates how the promoters of clinical studies with medicines and the CROs that decide to adhere to it must apply the data protection regulations.

Find out more

HDPA: Hellenic DPA imposed their LARGEST fine to telecommunications companies due to personal data breach and illegal data processing

Find out more

DDPA: Danish Data Protection Agency – Releases paper with Guidance on the use of ‘Cloud’ technologies

Download White Paper

EDPS: Released a report: EU Institutions’ resilience to COVID-19

Read more

EU: EU countries to call for the establishment of a cybersecurity emergency fund

Find out more

DDPA: Danish Data Protection Agency report on the three months success since the external whistle-blower scheme went live. Here you can read how many reports have come in so far and what has happened.

Read more

NCSC: Advice for organisations to take action to improve their resilience with the cyber threat heightened, since the invasion of Ukraine.

Find out more

DPC: Release of the full 2022-2027 regulatory strategy paper.

Download Strategy Paper

EDPS & EDPB: These leading institutions have collaborated to adopt a joint opinion on the extension of the EU Digital COVID Certificate Regulation.

Read more

EU & US:

U.S. President Joe Biden and European Commission President Ursula von der Leyen announced Friday that the U.S. and EU have reached a new trans-Atlantic data flow agreement

The European Commission Statement of 25 March 2022 from Brussels by Von der Leyen with Biden refers to key aspects relating to Data Protection as below-

Your presence here in Brussels this week at the NATO Summit, at the G7 and at our European Council sends a very powerful message to the world…

…we are continuing to reinforce our cooperation in many strategic ways: on humanitarian and security assistance to Ukraine; on energy; on fighting the threats against our democracies; on solving outstanding issues in the EU-US cooperation, including in data protection and privacy. In a world faced with disorder, our transatlantic unity upholds fundamental values and rules that our citizens believe in.

… we also need to continue adapting our own democracies to a changing world. This is particularly true when it comes to digitalisation, in which the protection of personal data and privacy has become so crucial. Therefore, I am very pleased that we have found an agreement in principle on a new framework for transatlantic data flows. This will enable predictable and trustworthy data flows between the EU and US, safeguarding privacy and civil liberties. I really want to thank Commissioner Reynders and Secretary Raimondo for their tireless efforts over the past months to find a balanced and effective solution. This is another step in strengthening our partnership. We manage to balance security and the right to privacy and data protection.

See IAPP’s coverage of the deal below

Read more

Datatilsynet: The Norwegian Data Protection Agency has established a project environment for artificial intelligence that makes use of personal data called a Sandbox.

Read more

NCSC: Statement of support for White House in call for increased cyber security precautions among organisations in response to the invasion of Ukraine.

Find out more

AEPD: Release of the 2021 Annual Performance report in Spanish –

See full Paper