Three data protection authorities (from Norway, the Netherlands, and Hamburg, Germany) seek EDPB position on ‘pay or OK’ advertising model. 

According to the Datatilsynet’s (Norwegian DPA) press release, “Recently, more and more services have begun to give users a choice: Either you must consent to being tracked and profiled for marketing purposes, or you must pay a fee (“pay or ok”). If you do not choose one or the other, you may be banned from using the Service. At the same time, the privacy regulations require that when businesses ask for consent to use personal data, the choice must be completely voluntary. The question is to what extent this type of solution fulfills the requirement of voluntariness. […] The choice between consenting or paying can be particularly problematic when it comes to large and popular services with many users. Many people may feel dependent on such services, for example because it is where all their friends or colleagues are, or because it is where important information or popular content is shared. An important question is whether this type of circumstance makes you feel pressured to consent, especially if you can’t afford it”.

Click here to find out more.

***

The European Data Protection Board (EDPB) has released a website auditing tool for GDPR compliance. 

According to the EDPB’s press release, the tool “can be used to help analyse whether websites are compliant with the law. The tool was developed in the context of the EDPB Support Pool of Experts (SPE) and can be used by both legal and technical auditors at data protection authorities (DPAs), as well as by controllers and processors who wish to test their own websites. […] The new tool allows preparing, carrying out and evaluating audits directly in the tool by a simple visit to the website in question. The tool is also compatible with other tools, such as the EDPS website evidence collector, and allows auditors to import and evaluate the results of audits carried out on those tools. Finally, the tool can generate reports. 

Click here to find out more.

***

National Institute of Standards and Technology (NIST) has announced that its widely known Privacy Framework will be updated to version 1.1. 

According to the NIST’s statement, “The initial version was modeled upon the CSF [NIST Cybersecurity Framework] so that the two frameworks could be used together more easily. We want to maintain the connection by making appropriate adjustments based on CSF 2.0 changes. In addition, stakeholders have had a few years to use the Privacy Framework and have identified areas where targeted improvements can be made. This year, we intend to implement a modest update to the Privacy Framework to support realignment with CSF 2.0, facilitate ease and effectiveness of use, and ensure the tool is responsive to current privacy risk management needs”.

Click here to find out more.