Jun 01
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

EU lawmakers have begun negotiations on Cyber Resilience Act, another Google Analytics decision is adopted in Finland, Ireland’s DPC refers TikTok investigation to EDPB

DP News – Week 22. EU lawmakers have begun negotiations on Cyber Resilience Act, another Google Analytics decision is adopted in Finland, Ireland’s DPC refers TikTok investigation to EDPB.

In the European Parliament, the discussions around the draft of the Cyber Resilience Act are ongoing.

As Euractiv reports, “Manufacturers’ obligations, reporting, compliance and enforcement are the main areas of the first compromise on the new cybersecurity law […]. The Cyber Resilience Act is a legislative proposal introducing basic cybersecurity requirements for connected products. The scope of the regulation was enlarged to cover any product with digital elements that can have a direct or indirect data connection to a device or network. At the same time, connected devices developed exclusively for the defence sector were excluded alongside those with national security and military purposes”.

***

In Finland, the Office of the Data Protection Ombudsman ordered the Finnish Meteorological Institute to stop the EU-US data transfers that involve usage of Google Analytics and Google’s reCAPTCHA.

The Ombudsman’s official press-release clarifies that “ReCAPTCHA recognition distinguishes computer programs (so-called bots) from people, and was used in connection with the feedback form on websites”, while the “Google Analytics service was used to monitor website visitor statistics”.

In essence, the “Institute had not defined or applied the legal basis for the transfer of personal data in the use of reCAPTCHA and Google Analytics services. Nor had it suspended data transfers without delay after the ECJ’s Schrems II decision (C-311/18), even though it no longer had a valid basis for transferring data”.

In addition, as the Ombudsman stated, the Institute had failed to conduct a data protection impact assessment on international data transfers.

***

As the IAPP and Politico report, “in the coming months, members of the European Data Protection Board will decide if TikTok violated the EU General Data Protection Regulation by allegedly mishandling children’s data. The EDPB took on the investigation after Ireland’s Data Protection Commission triggered a dispute resolution mechanism when it “failed to resolve objections raised by other European data protection authorities” while investigating TikTok. The original investigation began in 2021 after European data protection authorities began inquiring if TikTok’s age verification protocols were sufficient to keep children under age 13 off the platform”.

See more related posts »

Related blog posts