Aug 31
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

Data protection and privacy authorities issue a joint statement on data scraping and data protection, new data protection legislation in Switzerland comes into effect, Norwegian Datatilsynet has published guidelines for monitoring employees.

Data protection and privacy authorities issue a joint statement on data scraping and data protection, new data protection legislation in Switzerland comes into effect, Norwegian Datatilsynet has published guidelines for monitoring employees.

Konstantin Tiazhelnikov Konstantin Tiazhelnikov
  • August 31, 2023 -

Twelve data protection and privacy authorities from around the world, including the UK’s ICO, have issued a joint statement regarding protecting personal data from unlawful scraping from social media sites. Such activity can lead to privacy risk and potential harm to individuals. The joint statement sets expectations on organisations having a lawful basis for using data when it is publicly available.

The joint statement also features ‘Takeaways’ which are as follows:

  • Personal information that is publicly accessible is still subject to data protection and privacy laws in most jurisdictions.
  • Social media companies and the operators of websites that host publicly accessible personal data have obligations under data protection and privacy laws to protect personal information on their platforms from unlawful data scraping.
  • Mass data scraping incidents that harvest personal information can constitute reportable data breaches in many jurisdictions.
  • Individuals can also take steps to protect their personal information from data scraping, and social media companies have a role to play in enabling users to engage with their services in a privacy protective manner.

***

Swiss authorities have revised the 1992 The Federal Act on Data Protection (FADP) and the new regulations will come into effect on 1 September 2023. Details of the updated legislation can be found here.

***

Norway’s data protection authority (Datatilsynet) has published guidelines for monitoring employees via company-issued electronic equipment.

According to the official press release, “digital work tools can record large amounts of information about employees. Monitoring of employees’ electronic equipment is therefore basically illegal. […] For employees, it can be challenging to know what information is collected, what is stored and how the information is used. Employers can also use the opportunity inherent in these tools to keep an eye on their employees. In Norway, we have separate regulations that apply to employers’ access to employees’ e-mail boxes and other electronically stored material. The regulation prohibits the monitoring of employees’ use of electronic equipment”.

See more related posts »

Related blog posts

DP News – Week 18. Dutch supervisory authority issued Guidelines on data scraping, CNIL published a self-assessment tool for Binding Corporate Rules (BCR), The Council of the European Union adopted a data transfer framework with Japan, Norway’s supervisory authority (Datatilsynet) released the 2023 annual report.
  • May 2, 2024 -

DP News – Week 17. EDPB released the 2023 annual report, outlined its 2024-2027 strategy and issued an information note on the EU-US Data Privacy Framework redress mechanism, Finnish DPA has decided on retention periods in the recruitment process.
  • April 25, 2024 -

DP News – Week 16. EDPB opinion: Pay-or-Consent models clash with GDPR consent requirements, EU Commission requested a risk assessment from TikTok, ICO launched a privacy notice generator, Catalan Data Protection Authority fines occupational health center for email confidentiality breach, Dutch chipmaker investigates data breach amidst security concerns.
  • April 18, 2024 -