– EDPB Adopts Three New Guidance Documents –
In its June plenary session, the EDPB adopted three new guidance documents. The first document is ‘Guidelines on Codes of Conduct’ which aims to ‘provide practical guidance and interpretative assistance in relation to the application of Articles 40 and 41 of the GDPR’. The second document is ‘Annex to the Guidelines on Accreditation’ which aims to provide ‘guidance for the specification of “additional” accreditation requirements with respect to ISO/IEC 17065/2012 and in accordance with Articles 43(1)(b) and 43(3) GDPR’. The third document is ‘Annex 2 to the Guidelines on Certification’ which aims to provide ‘guidance for review and assessment of certification criteria pursuant to Article 42(5)’ GDPR.
– New Eurobarometer on Data Protection –
Questions surrounding the degree of EU citizens’ awareness and support for data protection legislation play a role in all European data protection discussions. On 13th of June the European Commission published a special Eurobarometer on data protection. This new Eurobarometer shows that EU citizens are well-aware of their rights under the GDPR. Citizens are particularly aware of rights to access and rectify data and, unsurprisingly, the right to erasure. Significantly, this Eurobarometer shows an increase in awareness of data protection rights in relation to previous Eurobarometers dealing with the topic.
– ICO Identifies Systematic Deficiencies in Adtech –
The ICO has released a report identifying nine areas in which the Adtech industry was found to have behaved illegally with regards to personal data processing. These areas range from the legal basis used to justify processing to the adequacy of security measures. In light of this report, the industry is expected to review its practices and to make changes to ensure future compliance. The ICO is planning further steps and engagement with the industry to review practices. Significantly, however, no mention of fines or sanctions has been made.
– The Right to Complain before National Courts –
The Austrian Supreme Court has ruled that everyone has the right to bring a complaint before the national court in the Member State in which they are domiciled on grounds of non-compliance with the GDPR. Specifically, the Austrian court ruled that it had jurisdiction to hear complaints against Facebook, whose European headquarters is in Ireland. Thus, in casu, Facebook would have to comply with both Austrian and Irish data protection requirements, and not only with Irish data protection requirements as the company had insisted. This judgment comes shortly after the Irish Supreme Court rejected an appeal by Facebook to prevent referral of questions on the legality of the Privacy Shield and Standard Contractual Clauses (SCC) to the CJEU.
– Libra Cryptocurrency: A Personal Data Reservoir –
On June 18th, the Libra cryptocurrency was formally announced. The cryptocurrency is being pushed forward by an association – the Libra Association – co-founded by Facebook and other companies. Control over a currency system offers huge potential in the extraction and analysis of users’ wealth and financial transaction data. Personal data analysis forms a core aspect of a number of Libra Association members’ business models. The details on access to Libra users’ wealth and financial transaction data are not yet clear. If it comes to light, however, that Libra Association members will have such access, a new frontier in data protection will come into being.
The usage of Facebook, e.g. sharing, liking and posting, has significantly decreased since April 2018 – although the number of users and log-ins has not decreased as drastically. This trend has been tied to the series of data protection, privacy and hate speech scandals related to Facebook over the past year. This makes interesting reading for two reasons. First, the data indicates a weakening in the facebook platform’s social media dominance. Second, the data suggests that privacy and data protection concerns may indeed be having an impact on social media usage.