Title search:

pnewsletter header.png

EU gives until year's end to comply with new rules for cross-border transfers

Much news out of the EU this week. First is the awaited announcement of SCC rules for data transfers following the Schrems II ruling. There's also a proposed ban on facial recognition and the ruling broadening DPA power outside their national territory.

--Susan Raab, Editor

Send us your news & comments

Headquarter location no longer protects Big Tech from external regulators 

New ruling allows EU DPAs to sue outside own territory

Facebook, Google, Twitter and Apple all have EU headquarters in Ireland, and are subject to that country's data protection authority (DPA). But now, in response to Facebook's challenge saying Belgium does not have the territorial right to stop it from tracking consumers there, the EU has ruled that national authorities do have that right if it's determined the company infringed on GDPR.

Read More 

Don’t ignore 64,000 parents!

Dutch parent group sues TikTok - for $1.7B

Convinced TikTok has been violating EU data protection laws and unable after a year to get satisfaction from EU data authorities, the Amsterdam Market Information Research Foundation, which represents 64,000 Dutch parents, brought its own case to Dutch court, suing for €1.4B (approximately $1.7B). 

Read More 

20 EU flag.jpg

IT'S THE LAW                                   

The EU has adopted two new sets of Standard Contractual Clauses (SCC). The Cross-Border SCC is the first and it becomes applicable June 27, 2021. From then until September 27, 2021, the old and new SCC can be used. After that, new contracts must use the new SCC, which is consistent with GDPR and the Schrems II ruling, though old agreements will be honored if deemed appropriate. By December 27, 2021, all old SCC’s need to be replaced. To ensure compliance, organizations should review and make appropriate changes to international data transfers from the EU as soon as possible. The second set of SCC changes is specific to the controller-processor data processing agreements. 

Read More 

Read More - SCC law

Analysis of 20,000+ mobile health apps found 90% collect and track user data

The British Medical Journal reported on the types of data collected by mobile health and fitness (mHealth) apps in the Google Play Store. The authors analyzed 20,000+ apps and found that nine of ten collect and track user data. More than a quarter (28%) didn’t adhere to the platform’s terms of service to list collected data, including email addresses, cell tower location and multiple device identifiers. Results also identified third party libraries embedded in the apps and detected more than half were sending data to third-party servers. 

Read More

21 BMA medical app survey [v2].jpg
21 Cybersecurity Insiders - Bitglass.jpg



Data loss/leakage is top concern about Bring Your Own Device (BYOD) programs 

A survey of nearly 300 cybersecurity professionals published by Bitglass shows that while 82% of them now actively enable personal devices for work, security protocols are still catching up.

Read More


In Brief: 

D4t4 introduces Celebrus Fraud Data Platform to help businesses protect customers in real-time across many digital touchpoints. Automated behavioral insights and continuous authentication processing alert companies to unusual online interactions and enable them to guard against fraud and improve customer experience. Read More

EU data protection authorities propose ban on facial recognition tech use in public spaces. Concerned that use of AI for automated recognition of human features, emotions, and social scoring can lead to discrimination, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) teamed up to propose legislation to ban it.  Read More

CDP Institute News:

CDPI Slack channel: Join us to talk about privacy and martech.

CDPI Privacy Glossary 

Share: https://www.cdpinstitute.org/newsletter/Blog1551/06-22-21-Privacy-Newsletter

The CDP Institute educates marketers about the issues, methods, and technology used to manage customer data, with a special focus on Customer Data Platforms. Join the CDP Institute for free access to valuable information and insights.


Join Now

© 2021 CDP Institute. Privacy Policy | Terms of Use