News

Renewables-centric Iberian Peninsula reaps record-low prices – but pays price for lack of EU cables

Brussels, 13 February - The EDPB has recently adopted its work programme for 2026-2027, which is grounded in the four pillars of the EDPB strategy 2024-2027. The work programme is based on the priorities set out in the EDPB strategy and it also takes into account the commitments made in the Helsinki Statement on enhanced clarity, support and engagement aimed at making GDPR compliance easier, strengthening consistency, and boosting cross-regulatory cooperation. Easing compliance is at the top of

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. Imagine every post online came with a bounty of up to $150,000 paid to anyone who finds it violates opaque government rules—all out of the

Government.

"The government recognizes the importance of protecting fundamental rights and appreciates that the Commission also gives attention to this issue. Nevertheless, the government has reservations about the proposal, given that the regulation provides for the large-scale availability of sensitive..."

Government

“Het kabinet onderschrijft het belang van de bescherming van grondrechten en waardeert dat de Commissie hieraan eveneens aandacht schenkt. Niettemin plaatst het kabinet kanttekeningen bij het voorstel, gezien het feit dat de regeling voorziet in een grootschalige beschikbaarstelling van gevoelige...

The European Ombudsman has found that the Commission disregarded important transparency rules while preparing the Europol Regulation, which is a part of the legislation to "counter migrant smuggling". The inquiry concluded that the Commission didn't provide enough evidence to justify the claims of "urgency" to bypass their own 'Better Regulation' rules, and skipping public consultations, thorough impact assessments and evidence gathering. The post Migrant smuggling laws: European Commission foun

The European Ombudsman has found that the European Commission disregarded important transparency laws during the preparation of the Europol regulation, which is part of the legislation aimed at combating "human smuggling of migrants." The investigation concluded that the Commission did not provide sufficient evidence to justify its claims of "urgency," thereby circumventing its own rules for "better regulation," as well as public consultations, thorough impact assessments, and the gathering of evidence. Article: Legislation against human smuggling of migrants: The European Commission...

> How can PETs help with data protection compliance? At a glance • PETs can help you demonstrate a ‘data protection by design and by default’ approach to your processing. • PETs can help you to comply with the data minimisation principle by ensuring you only process the data you need for your purposes, and provide an appropriate level of security for your processing. • You can use PETs to give access to datasets which would otherwise be too sensitive to share, while ensuring individuals’ data is

How can Privacy-Enhancing Technologies (PETs) contribute to compliance with privacy regulations? In short: • PETs can help you demonstrate an approach where privacy protection is "naturally" and "by default" integrated into your processes. • PETs can help you comply with the principle of data minimization by ensuring that you only process the data you need for your purposes, and that you provide an appropriate level of security for your processing. • You can use PETs to provide access to datasets that would otherwise be too sensitive to share, while simultaneously ensuring that the personal data of individuals remains protected.

Hoe kunnen Privacy-Enhancing Technologies (PET's) bijdragen aan de naleving van de privacywetgeving? In het kort: • PET's kunnen u helpen om een benadering te demonstreren waarbij privacybescherming "van nature" en "als standaard" wordt ingebouwd in uw processen. • PET's kunnen u helpen om te voldoen aan het principe van dataminimalisatie, door ervoor te zorgen dat u alleen de gegevens verwerkt die u nodig heeft voor uw doeleinden, en dat u een passend beveiligingsniveau biedt voor uw verwerking. • U kunt PET's gebruiken om toegang te geven tot datasets die anders te gevoelig zouden zijn om te delen, terwijl u tegelijkertijd ervoor zorgt dat de persoonlijke gegevens van individuen beschermd blijven.

Brussels, 5 November - The European Data Protection Board (EDPB) is taking an important step towards facilitating GDPR compliance for organisations by developing a series of ready-to-use templates. This initiative, announced following the Helsinki Statement on enhanced clarity, support, and engagement, aims to provide practical tools that organisations can readily implement to meet their data protection obligations. To ensure these templates address the needs of organisations, the EDPB has launc

Brussels, November 5th - The European Data Protection Board (EDPB) is taking a significant step to help organizations comply with the General Data Protection Regulation (GDPR) by developing a series of ready-to-use templates. This initiative, announced following the Helsinki Declaration on greater clarity, support, and engagement, aims to provide practical tools that organizations can easily implement to fulfill their data protection obligations. To ensure that these templates meet the needs of organizations, the EDPB...

Brussel, 5 november - Het Europees Comité voor gegevensbescherming (EDPB) neemt een belangrijke stap om organisaties te helpen bij het naleven van de AVG (Algemene Verordening Gegevensbescherming) door een reeks kant-en-klare templates te ontwikkelen. Dit initiatief, aangekondigd na de verklaring van Helsinki over meer duidelijkheid, ondersteuning en betrokkenheid, heeft als doel praktische hulpmiddelen te bieden die organisaties gemakkelijk kunnen implementeren om aan hun verplichtingen op het gebied van gegevensbescherming te voldoen. Om ervoor te zorgen dat deze templates aan de behoeften van organisaties voldoen, heeft het EDPB...

Government

Kinderrechten Impact Assessment op Instagram

Government

Kinderrechten Impact Assessment op Snapchat

Government

Kinderrechten Impact Assessment op TikTok

Nieuws uit de Europese Unie.

Zoals eerder aangekondigd in het "Competitive Compass" (pagina 12), lijkt het erop dat, net als in een ander onderdeel van Omnibus III, de regels van de AVG (Algemene Verordening Gegevensbescherming) voor het MKB (middelgrote en kleine bedrijven) mogelijk vereenvoudigd zullen worden. Er lijkt gekeken te worden naar artikel 30 van de AVG (de registratieplicht), en volgens berichten in Politico zou er mogelijk ook...

News from the European Union.

As previously announced in the "Competitive Compass" (page 12), it appears that, similar to another section of Omnibus III, the rules of the GDPR (General Data Protection Regulation) for SMEs (small and medium-sized enterprises) may be simplified. There seems to be a focus on Article 30 of the GDPR (the registration requirement), and according to reports in Politico, there may also be changes to...

EU News

Zoals al aangekondigd in het Competitive Compass (blz. 12), lijkt het nu op dat onderdeel van Omnibus III, ook de AVG-regels voor het MKB wat versimpeld zullen worden. Er lijkt te worden gekeken naar artikel 30 AVG (de registerverplichting), en in Politico wordt bericht dat er wellicht ook gekeke...

Government

Rijksbreed AVG-onderzoek 2024. Deelrapporten van de Auditdienst Rijk (ADR) over het rijksbrede AVG-onderzoek naar de inrichting en implementatie van privacy by design & default en de opvolging en monitoring van de resultaten uit Data Protection Impact Assessment (DPIA's).Deelrapport BZK

Bescherming van persoonlijke gegevens. Verzoek om verwijdering van zoekresultaten uit de zoekmachine Google: het recht om vergeten te worden. Artikelen 17 en 21 van de Algemene Verordening Gegevensbescherming (AVG) en artikel 35 van de Uitvoeringswet AVG.

Personal data protection. Request for removal of search results from the Google Search search engine: the right to be forgotten. Articles 17 and 21 General Data Protection Regulation (AVG) and Article 35 AVG Implementation Act.

> On October 14, 2022, the Federal Trade Commission announced it is extending the deadline by one month to submit comments on its Advanced Notice of Proposed Rulemaking on commercial surveillance and lax data security practices.

> GDPR RISK ASSESSMENT is intended to assist controllers and processors to identify the risk factors for the rights and freedoms of data subjects whose data are present in the processing, to make an initial assessment of the intrinsic risk, including the need to perform a DPIA, and to estimate the residual risk if measures and safeguards are used to mitigate the specific risk factors.

De GDPR-risicoanalyse is bedoeld om controllers en verwerkers te helpen bij het identificeren van de risicofactoren voor de rechten en vrijheden van de betrokkenen, wiens gegevens worden verwerkt. Het doel is om een eerste inschatting te maken van het inherente risico, inclusief de noodzaak om een Privacy Impact Assessment (DIA) uit te voeren, en om het resterende risico te schatten als maatregelen en beveiligingsmechanismen worden gebruikt om specifieke risicofactoren te verminderen.

> Mr. Depoorter realized that he could come up with an automated way to combine these publicly available cameras with the photos that people had posted on Instagram. So, over a two-week period, he collected EarthCam footage broadcast online from Times Square in New York, Wrigley Field in Chicago and the Temple Bar in Dublin. > Rand Hammoud, a campaigner against surveillance at the global human rights organization Access Now, said the project illustrated how often people are unknowingly being fi

De Deense Autoriteit voor Persoonsgegevens heeft onderzoek gedaan naar het instrument Google Analytics en de bijbehorende instellingen, evenals de voorwaarden waaronder het instrument wordt aangeboden. Op basis van dit onderzoek concludeert de Deense Autoriteit voor Persoonsgegevens dat het instrument, zonder aanvullende maatregelen, niet op een wettelijke manier kan worden gebruikt. Wettelijk gebruik vereist de implementatie van aanvullende maatregelen, naast de instellingen die door Google worden aangeboden.

The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.

> The fine is the result of an investigation that began in 2020 and focused on the company’s processing of children’s personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, children’s phone numbers and email addresses were publicly accessible.

De boete is het resultaat van een onderzoek dat in 2020 is begonnen en zich richtte op de manier waarop het bedrijf persoonlijke gegevens van kinderen verwerkte. Op basis van berichten in de media richtte het onderzoek zich op kinderen tussen de 13 en 17 jaar oud die toestemming hadden om zakelijke of creatieve Instagram-accounts te gebruiken. Hierdoor waren telefoonnummers en e-mailadressen van kinderen openbaar toegankelijk.

The Belgian SA fined a medical laboratory €20,000 for violating Articles 5(1)(f), 12, 13, 14, 24, 25, 32, 35(1), and 35(3) GDPR due to a lack of security and a privacy policy on its website as well as its nonexistent data protection impact assessment.

> The proposed fine follows complaints filed by privacy NGO ‘Privacy International’ against Criteo. […] Under the CNIL’s sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.

De voorgestelde boete volgt op klachten die de privacyorganisatie "Privacy International" heeft ingediend tegen Criteo. [...] In het kader van de sanctieprocedure van de CNIL heeft Criteo het recht om te reageren op het rapport, zowel met betrekking tot de vermeende overtredingen als de voorgestelde sanctie.

> In a landmark ruling of 21 June 2022, the CJEU (Grand Chamber), upheld the EU’s regime to collect and use records of travellers, provided that it is strictly interpreted in line with the EU’s fundamental rights. In addition, indiscriminate processing of the data in cases of flights carried out only within the EU is banned unless there is a threat of terrorism. In general, the passengers’ data must also be deleted after six months at the latest.

> DeFine is a translation into a calculator of part of the methodology proposed by the European Data Protection Board to calculate GDPR fines (see EDPB, Guidelines 04/2022 on the calculation of administrative fines under the GDPR, 12 May 2022, available online; it was subject to a public consultation until 27 June 2022).

> Do we need an Chief Privacy Officer, a Data Protection Officer, or do we need both?In the following article, I will examine the benefits of both roles, but I will also look at some of the challenges related to each of the roles and why these have impelled both Data Protection Officers and organisations to question what the ideal setup is for them.