The EDPB published draft guidelines on Technical Scope of Art. 5(3) of ePrivacy Directive (version for public consultation). 

According to the ‘executive summary’, “the emergence of new tracking methods to both replace existing tracking tools (for example, cookies, due to discontinued support for third-party cookies) and create new business models has become a critical data protection concern. While the applicability of Article 5(3) of the ePrivacy Directive is well established and implemented for some tracking technologies such as cookies, there is a need to remove ambiguities related to the application of the said provision to emerging tracking tools. 

The Guidelines identify four key elements for the applicability of Article 5(3) of the ePrivacy Directive, namely ‘information’, ‘terminal equipment of a subscriber or user’, ‘gaining access and ‘stored information and storage’. The Guidelines further provide a detailed analysis of each element. In section 3, that analysis is applied to a non-exhaustive list of use cases representing common techniques, namely: URL and pixel tracking; Local processing; Tracking based on IP only; Intermittent and mediated Internet of Things (IoT) reporting; Unique Identifier”. Click here to read the whole document.

***

CNIL (French data protection authority) has published guidance on the international data transfers through the use of audience measurement tools.

As CNIL clarifies, “Website hosts are required to use audience measurement tools, leading to the processing of a lot of personal data. These processing operations are subject to the GDPR and the ePrivacy Directive regarding cookies […]. Many tools available on the market result in transfers of personal data outside the European Economic Area (EEA), to countries or entities that are not considered to offer an adequate level of protection. Using a properly configured proxy can be an operational solution to bring these data transfers into compliance”. Click here to find out more.

***

The UK government introduces changes to the Data Protection and Digital Information Bill. According to the official press release, |A raft of common-sense changes to the Data Protection and Digital Information Bill will build an innovative data protection regime in the UK, crack down on benefit fraud cheats, and allow the country to realise new post-Brexit freedoms while delivering new economic opportunities to the tune of £5.9 billion”. Click here to find out more.

***

According to the IAPP,”Italy’s data protection authority, the Garante, announced an investigation into the data collection practices for algorithm training. The probe covers public and private entities and aims to “verify the adoption of suitable security measures to prevent the massive collection (webscraping) of personal data.” The regulator also opened a 60-day public consultation on potential security measures to combat data scraping”. Click here to find out more.