#1 International privacy and security update (22/2020)

cyber-security-2765707_640

Belgium

  • Belgian Data Protection Authority imposes fine on non-profit organisation for infringement of Art. 6(1) and Art. 21(4) DSGVO for unfair marketing activities. You can read the Decision here.

Canada

  • The Canadian Centre for Cyber Security makes a statement about the handling of quantum computing and cryptography. You can get the one-pager here.

Dubai

  • Dubai International Finance Centre strengthens data protection by new law in July 2020. You can read the press release here and the Data Protection Law here.

EU

  • EU-commission publishes white-book to AI-strategy und Portal zur EU-data strategy. EEA EFTA States welcome Commission’s strategies for AI and data see press release here . EEA EFTA States welcome Commission’s strategies for AI and data see press release here

  • LIBE Committee publishes draft report with crypto-asset regulation recommendations to the Commission. You can read the Draft Report here.

  • EBA publishes opinion on third-party provider service provision obstacles under PSD2. You can read the press release here and the Opinion here.

  • IMCO issues study on New Developments in Digital Services, can be read here.

  • The European Data Protection Supervision Body publishes comments from countries on monitoring the code of conduct in accordance with Article 41 GDPR. Germany opinion here.

  • European Parliamentary Research Service (EPRS) publishes study on " Blockchain for supply chains and international trade. You can read the Study here.

  • Brexit - European Parliament stresses in an opinion how important data protection is for future relations with the UK. You can read the Opinion here.

  • IAB publishes guidelines on the use of third-party cookies. You can get it here.

France

  • CNIL publishes Q&As on StopCovid app. You can read the Q&As, only available in French, here.

Germany

  • BSI issues statement on cooperation agreement with Verbraucherzentrale Bundesverband to on strengthening citizens’ rights and information on basic security technologies. You can read the press release, only available in German, here.

  • LfDI Rhineland-Palatinate issues statement on data breach increase due to phishing attacks. ou can read the press release, only available in German, here.

  • Saarland Commissioner issues guidance on mandatory customer data processing during Coronavirus. You can read the Guidance, only available in German, here.

  • BayLfD issues best practice checklist to prevent cyber attacks in medical institutions. You can read the press release here and the Checklist here, both only available in German.

Lichtenstein

  • The data protection authority in Lichtenstein publishes its activity report for the year 2019 here

Netherlands

  • Dutch Workers’ Insurance (UWV) announces to increase the security of its online portals by 2FA after the data protection authority imposed a fine of 150,000 EUR per month. Details can be found here

Spain

  • Spain AEPD fines Iberdrola Clientes €4,000 for breach of the DSGVO for failing to provide information requested under Article 58(1) DSGVO. The text (spanish) of the authority can be found here

  • INCIBE issues blog post on protection of companies’ information. You can read the Blog Post, only available in Spanish, here.

Switzerland

  • On 1 June 2020, the revised Law on Information and Data Protection (IDG) will come into force in Switzerland. The press release can be found here

Turkey

  • KVKK explains a data breach at EasyJet Plc that affected approximately 6,800 Turkish * citizens between October 2019 and March 2020. You can read the press release here.

Uruguay

  • URCDP defines and clarifies the rules for the appointment of a data protection officer (DPO). You can read the press release here and the Resolution here.

USA

  • CISA releases first cyber essentials toolkit. You can read the press release here, the Guidance here, and access the Toolkits here.

  • HyperBeard agrees $150,000 settlement with FTC**, because of illegally collecting childrens personal data. You can read the press release here and the Proposed Settlement here.

  • NIST issues guideline „Foundational Cybersecurity Activities
    for IoT Device Manufacturers“. Can be read here

  • NIST publishes Recommendation for Cryptographic Key Generation , the press release can be found here

  • National Security Commission on Artificial Intelligence publishes a public request for comments on Artificial Intelligence. You can check it here.