#SypherPrivacyTalks - November 2023 - Week 47

by Sypher - November 20, 2023

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

EDPB guidelines on tracking techniques covered by the #ePrivacy Directive are open for public consultation

edpb.europa.eu • 20 min read

📜 The European Data Protection Board (EDPB) recently adopted Guidelines on the technical scope of Art. 5(3) of the #ePrivacy Directive. In other words, 🍪 cookie consent and new tracking technologies.

❗ The Guidelines are open for 📝 public consultation until December 28th, 2023.

The document aims to clarify which technical operations, in particular new and emerging tracking techniques, are covered by the Directive, and to provide greater legal certainty to data controllers and individuals. Note that the Guidelines only address the scope of Art. 5(3) and do not address how consent should be collected or when the exemptions apply.

The Guidelines' executive summary states: "The emergence of new tracking methods to both replace existing tracking tools (for example, cookies, due to discontinued support for third-party cookies) and create new business models has become a critical data protection concern."

Read more on the announcement from EDPB.
The Guidelines can be consulted here

A view from Brussels: A look inside the IAPP Europe DPC 2023

iapp.org • 3 min read

🌟 The International Association of Privacy Professionals (IAPP) 12th Europe Data Protection Congress, held in Brussels, brought together nearly 3,000 privacy professionals, regulators, policymakers, academics and researchers for a comprehensive exploration of current issues in privacy and data protection. 

This article highlights the most notable ❗ moments of the event, which covered topics such as data transfers, GDPR review, EU data regulation, cyber security, online advertising and cross-border enforcement.

In particular, EU Justice Commissioner Didier Reynders highlighted the enduring relevance of the General Data Protection Regulation (GDPR) within the evolving European legal framework for the processing of personal data. 

The European Parliament representatives delved into AI governance, with a focus on the negotiations for the AI Act, as well as Europe's cyber strategy and its implications for privacy and children's online safety.

Regulators from various countries, including Belgium, Finland, Germany, Ireland, Italy, Morocco, Norway and the UK, as well as Anu Talus, the new European Data Protection Board chair, shared their insights… read more

Axpo Italia fined $10.5M in GDPR case over data processing

complianceweek.com • 2 min read

💸 Axpo Italia, a producer and trader of renewable 🌍 energy products, was penalized under the GDPR by the Italian data protection authority (Garante) for processing 🚫 inaccurate and 🕰️ outdated personal data of customers.

Garante assessed a fine of 10 million euros. The company said in an emailed statement that it cooperated with the regulator’s investigation and reserved the right to potentially appeal the ruling… read more

Spain legislates for first EU AI Act regulatory sandbox

pinsentmasons.com • 4 min read

🤖 Companies will be able to test AI-powered products and services in a new regulatory sandbox provided for in Spanish law, the first such sandbox linked to the EU AI Act. This underlines the Spanish government's intention to play a leading role in promoting innovation in AI.

The new sandbox will involve collaboration between providers of AI systems and their users and will, among other things, allow organisations to test their AI systems against the requirements of the AI Act before the AI Act comes into force. Participation in the sandbox is subject to eligibility criteria... read more

Digital pharmacy startup Truepill says hackers accessed sensitive data of 2.3 million patients

techcrunch.com • 4 min read

🏥 Truepill, a company that provides pharmacy fulfilment services to healthcare organisations, has confirmed that hackers have accessed the personal information of more than 😱 2.3 million patients.

In a data breach notice, the company said Postmeds, the parent company of Truepill, experienced a "cybersecurity incident" between 30 August and 1 September that exposed files used for pharmacy management and fulfilment services.

The data breach is already the subject of a class action lawsuit, which alleges that the cybersecurity incident was a result of Postmeds' failure to implement adequate data security measures to protect customer information. The company is accused of failing to encrypt sensitive health information stored on its servers… read more

Stay tuned for more by 📌 connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.