A couple of things I noted in today's GDPR review report published by the European Commission that I find interesting:
1) The One Stop Shop mechanism came out of it stronger than I would have expected; technically, ~it needs more time to become effective~
ec.europa.eu/info/sites/inf…
2) There are two potential legislative updates mentioned on the long run, both of them very narrow: harmonizing the age of consent for children for online services and record keeping by SMEs. COM is giving the GDPR more time to settle in before considering any serious reviews.
3) There seems to be a preoccupation for clarifying rules related to processing of personal data for research and for the public good, particularly in relation to health - this being mentioned a couple of times in the report.
#healthdata
4) In fact, COM mentioned it contracted out an 'Assessment of the Member States’ rules on health data in the light of GDPR', which is to be carried out by this consortium euhealthsupport.eu; COM also asks EDPB to publish Guidelines for processing data for research purposes;
5) Data portability is another key preoccupation. COM feels it is not used at its top potential and it could be a key player in facilitating competition... but also the use of 'data for the public good' or 'data altruism'.
#dataportability #GDPR #GDPRReview
6) One other interesting initiative announced in a footnote is a 'project on age identification tools – pilot project to demonstrate an interoperable technical infrastructure for child protection, including age-verification and parental consent.' Definitely to be followed.
7) On international data transfers: COM is pushing the EDPB to finalize their opinion on the interplay of Art 3.2 (extraterritorial direct applicability of the GDPR) and Chapter V (Int data transfers rules); COM is waiting Schrems II judgment before adopting updated SCCs.
8) COM also highlighted its commitment to rebuke data localization efforts of third countries (including by not shying away of using trade agreements to this end); & committed to collabs with OECD, ASEAN and G20; Truly going global.
9) Speaking of going global, COM also announced it will create a *Data Protection Academy* "a platform where EU and foreign data protection authorities would share knowledge, experience and best practices to facilitate and support cooperation between privacy enforcers". Familiar?
10) One last point: keep your eyes on the Proposal of a Directive for representative actions for consumers, currently in legislative process, which the Commissions says will streamline and harmonize Article 80 type of representative actions also for data protection breaches. FIN

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Dr. Gabriela Zanfir-Fortuna

Dr. Gabriela Zanfir-Fortuna Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @gabrielazanfir

15 Dec 20
I see a bit more interesting interaction between data protection rules and the #DigitalMarketsAct. Two points: (1) the obligation for gatekeepers to refrain from combining personal data from any other services offered by the gatekeeper or w PD from 3rd-party services, unless 1/
"unless the end user has been presented with the specific choice and provided consent in the sense of the GDPR" (Art. 5(a) of the proposal). And 2) the obligation for gatekeepers to submit to COM an annual independent audit w a description of the user profiling techniques 2/ #DMA
There are also data sharing obligations with third parties, including personal data, which are quite interesting. In fact, one of them speaks of "continuous and real time access" offered to business users (Art. 6(1)(i)) #DSA 3/
Read 5 tweets
14 Dec 20
And the text fo the long awaited #DigitalServicesAct Proposal is here! One day early, thanks to @SamuelStolton and his sources. One key thing to note is that the DSA is clearly without prejudice to both the GDPR and the ePrivacy Directive... euractiv.com/wp-content/upl… 1/n #DSA
which technically means that it applies on top of them and in case of conflict, the provisions in the #GDPR and the ePrivacy Directive prevail. There are 2 areas of interaction that immediately pop-up. First, the rules on recommender systems and online advertising 2/n #DSA
Both of these certainly rely on processing of personal data. But it seems there is broad convergence between the existing #EUDataP regime and the proposed #DSA, especially in relation to transparency and rights to explanation 3/n #DSA
Read 13 tweets
25 Nov 20
Momentous development in EU law for the digital market: the EU Commission is expected to publish today the #DataGovernanceAct proposal for a Regulation. From a new European Board, to fiduciary duties, to data intermediaries, data cooperatives (!) and data altruism… 1/
There are plenty of things to look out for! Here is my top list of hot topics, based on the leaked version that circulated among Brussels tech media a couple of weeks back. First: lots of “data sovereignty” undertones to key rules, sometimes sliding into data localization … 2/n
Exhibit A: The title regulating the re-use of data held by public sector bodies allows such re-use by different actors “within the Union”, with an additional specification that “the processing of such data shall be limited to the European Union” 3/
Read 15 tweets
24 Nov 20
Big thanks to @ddoneda @rafa_zanatta @brunobioni @RenatoLeiteM and Laura Schertel Mendes for enlightening us at @futureofprivacy about the complexity of the Brazilian jurisdictional system and the wondrous ways in which the #LGPD takes a life of its own ... 1/n
... within the federalized legal system, where consumer protection agencies, big and small, have a strong tradition of enforcing consumer rights, where Prosecutors from the Public Ministry - federal and regional, have the power to bring #LGPD breaches to Court ... 2/n
... where there is a long tradition of class actions, with actually very few barriers to proceed in Court from an admissibility and costs perspective, where the Supreme Constitutional Court recognized this year an autonomous fundamental right to data protection... 3/n
Read 5 tweets
16 Jul 20
The CJEU clearly upheld its string of serious data protection cases against gov access to personal data, starting with Digital Rights Ireland, then Schrems I, then Tele2Sverige, EU-Canada PNR Opinion. If you knew those decisions, the outcome of the PS assessment is no surprise.
The surprise was that the Court decided to go full strength on in this particular case, after the AG has given it a way out to postpone the assessment of the PS and focus on SCCs. Clearly, the Court saw an inextricable link between the two. The other option would have been...
to show the weaknesses of the Privacy Shield and give the Commission and the US government time to act/react, while sharpening Commission's attention to the rest of the world too, with Chinese-based apps taking more and more of the European market very recently.
Read 4 tweets
23 Jun 20
Worrying news from Brazil 🇧🇷 The Fake News bill being discussed by Congress imposes mandatory social media account ID registration (!) and seems to be aiming to strict data localization and data retention obligations. 1/5
#LGPD #GDPR #privacy
If you thought mandatory SIM card registration is bad, this is worse. All social media users would have to provide valid Brazilian ID or passports if they’re foreigners & a Brazilian phone number to be able to open a user account. 2/5
It also aims to impose data retention obligations for internet connection logs (!) for 1 year by ISPs and 6 months by online applications. Plans for EU Adequacy post-LGPD may be … problematic. See CJEU in Digital Rights Ireland curia.europa.eu/juris/document… 3/5
#dataretention #GDPR
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!