The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO’s favourite weekly read ☕️
Apologies for the week off last time. There’s been a lot happening in the world of data privacy and compliance, so let’s get stuck into it!
Europe faces Facebook blackout
Ireland’s privacy regulator is doubling down on an order to stop data flowing to the US.
This clash could mean a shutdown of services such as Facebook and Instagram.
The issue brings forward more of an existential problem regarding how organizations can transfer data across the Atlantic.
The EU and US are in the midst of negotiating a new data-transfer text that would allow companies like Meta to continue to ship data across the Atlantic irrespective of the Irish order.
Brussels and Washington in March agreed to a preliminary deal at the political level. Still, negotiations on the legal fine print have stalled, and a final agreement is unlikely to be reached before the end of the year.
For now, the battle continues, with Facebook threatening a complete shutdown of its services.
In the meantime, data importers and exporters may want to rely on other data transfer tools such as the new EU Standard Contractual Clauses or, in rare instances, derogations under Article 49 of the General Data Protection Regulation (GDPR), such as individual, specific consents.
US businesses, change is a-comin’
The legislative privacy agenda is very active in the US at the moment.
Data privacy laws are set to take effect in California, Virginia, Colorado, Utah and Connecticut in mid to late 2023.
For data privacy professionals, it’s time to consider your requirements and the scope of your obligations under these new laws.
If you’re not operating in one of these regions, you likely will be covered by new legislation in the coming years.
Time to get up to speed.
ICO to keep money from UK GDPR fines
The ICO has announced that, by agreement with the Treasury and DCMS, it will now be allowed to retain a proportion (capped at £7.5 million per year) of funds received in fines.
Notably, the ICO will only be permitted to use these funds to cover their litigation costs, which will include the costs of external experts and counsel.