The EU Digital Markets Act (DMA) appears headed for adoption in May. Companies providing “core platform services”, as well as those potentially receiving data from such companies, should understand not only what the DMA requires, but also its impact on existing obligations under the GDPR.
A new data reform bill included in the 2022 Queen's Speech promises a "pro-growth" framework of greater benefit to both businesses and citizens of the UK. It could put an end to the data adequacy decision that allows personal data to continue flowing between it and the EU.
A statement from Danske Bank indicates that the GDPR violations are tied to an inability to build data deletion functionality into its complex interlocked IT systems despite beginning efforts in 2016.
The EU and US have reached an agreement in principle on a Privacy Shield replacement, but details of the data transfer deal are not yet available to the public.
Clearview AI has been found to scrape the data of European citizens for its facial recognition systems and has been ordered to remove these subjects from its database. Claims it will have 100 billion facial images by the end of 2022.
Meta has issued statements indicating that a stoppage of EU-US data transfers would be "devastating" and could cause it to pull services from the region, even specifically naming Facebook and Instagram as products that could become inaccessible.
The immediate order to cease use of Google Analytics pertains to a particular French website that was the subject of a GDPR complaint over data transfers, but signs show it expanding to the rest of the EU before long.
The International Data Transfer Agreement tools are meant to reflect the changes made to the UK's own version of the GDPR, and could be available in late March.
Be vigilant when you engage with third party service providers. Ultimately it is your responsibility under the GDPR when cyber attacks and data breaches occur, not solely your service providers.
noyb has leaked documents that show Facebook approached the EDPB with their concept of “user contracts” that sidestep GDPR rules for user consent after numerous receptive meetings with the Irish DPC.