Jan 19
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

UK-US cooperation, ISO standard in Privacy-by-design, CNIL hits TikTok

DP News – Week 3. UK-US cooperation, ISO standard in Privacy-by-design, CNIL hits TikTok

UK and US officials have met in Washington, D.C. to launch the so-called US-UK Comprehensive Dialogue on Technology and Data. The Dialogue was launched by the U.S. Secretary of Commerce Gina Raimondo and UK Secretary of State for the Department of Digital Culture, Media, and Sport (DCMS) Michelle Donelan in October, 2022.

Among targeted deliverables for 2023 agreed-on by the UK and US representatives are, inter alia, facilitation of the global trusted data flows and finalization / implementation of a ‘data bridge’ for U.S.-UK data flows. It is agreed that the progress will be reviewed on a quarterly basis.

***
It has been announced that, on 08 February 2023, the International Organization for Standardization (ISO) will adopt the standard in Privacy-by-Design as ISO 31700. As a matter of historical background, the following 7 foundational Privacy-by-Design principles were first introduced in 2009 by a canadian privacy practitioner Ann Cavoukian:
– Proactive not Reactive; Preventative not Remedial
– Privacy as the Default Setting
– Privacy Embedded into Design
– Full Functionality — Positive-Sum, not Zero-Sum
– End-to-End Security — Full Lifecycle Protection
– Visibility and Transparency — Keep it Open
– Respect for User Privacy — Keep it User-Centric

Now, 14 years later, the global privacy community expects those principles to be turned into a clear international standard. Further to this, the ISO 31700 standard is expected to contain 30 requirements and to be applicable to IT systems, accountable business practices, and physical design and networked infrastructure. As Ann Cavoukian says, this “gives life to operationalizing the concept of Privacy by Design, helping organizations figure out how to do it. The standard is designed to be utilized by a whole range of companies — startups, multinational enterprises, organizations of all sizes. With any product, you can make this standard work because it’s easy to adopt. We’re hoping privacy will be proactively embedded in the design of operations and it will complement data protection laws.”

***

On 29 December 2022, the France’s data protection authority (CNIL) imposed a fine (5 mln euros) on TikTok. The reasons for that – users could not refuse cookies as easily as accept them; nor were they informed in a sufficiently precise manner of the purposes of the different cookies. The decision is based on several online investigations conducted in 2020-2022 on the “tiktok.com” website and on the documents requested by CNIL.

See more related posts »

Related blog posts