Noteworthy Information

Business & Government Advanced read

Use of Google Analytics violates "Schrems II"

In a groundbreaking decision, the Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR. This is the first decision on the 101 model complaints filed by noyb in the wake of the so-called "Schrems II" decision.

Individuals Simple read

Data: A New Direction — But Which Direction?

Stated plainly, the UK Government is planning to end data protection rights for UK citizens. Reforms proposed in its paper Data: A New Direction would shift the core operating principle of data protection regulations from citizen protection (that personal data shall only be collected by organisations “for specified, explicit and legitimate purposes”) to a new principle that organisations should have the right to build and maintain databases about citizens without their consent.

Business & Government Intermediate read

Despite EU Court Rulings, Facebook Says US Is Safe To Receive Europeans' Data

Despite the European Union's highest court twice declaring that the United States does not offer sufficient protection for Europeans' data from American national security agencies, the social media giant's lawyers continue to disagree, according to internal documents seen by POLITICO. Their conclusion that the U.S. is safe for EU data is part of Facebook's legal argument for it to be able to continue shipping data across the Atlantic.

Business & Government Simple read

China Passes Data Protection Law

The law, called the Personal Information Protection Law (PIPL), is set to take effect on November 1, 2021. It was proposed last year -- signalling an intent by China's communist leaders to crack down on unscrupulous data collection in the commercial sphere by putting legal restrictions on user data collection. The new law requires app makers to offer users options over how their information is or isn't used, such as the ability not to be targeted for marketing purposes or to have marketing based on personal characteristics.

It also places requirements on data processors to obtain consent from individuals in order to be able to process sensitive types of data such as biometrics, medical and health data, financial information and location data. While apps that illegally process user data risk having their service suspended or terminated. Any Western companies doing business in China which involves processing citizens' personal data must grapple with the law's extraterritorial jurisdiction -- meaning foreign companies will face regulatory requirements such as the need to assign local representatives and report to supervisory agencies in China.

[Advanced] Privacy Without Monopoly: Data Protection and Interoperability

The problems of corporate concentration and privacy on the Internet are inextricably linked. A new regime of interoperability can revitalize competition in the space, encourage innovation, and give users more agency over their data; it may also create new risks to user privacy and data security. This paper considers those risks and argues that they are outweighed by the benefits. New interoperability, done correctly, will not just foster competition, it can be a net benefit for user privacy rights.

Singapore’s Personal Data Protection Act Shifts Away from a Consent-Centric Framework

The Singapore Parliament passed amendments to its Personal Data Protection Act from 2012.

Shoshana Zuboff meets Margrethe Vestager: A conversation about a future digital Europe

Listen to the first public conversation between Shoshana Zuboff and Margrethe Vestager about: The European way to shape the digital age and many other interesting topics.

The moment you realise the world has changed: re-thinking the EDPS Strategy

Covid-19 is a game changer. Thinking about the EDPS’ strategy for the next five years, we have to look again at our text.


Tools