#SypherPrivacyTalks - November 2023 - Week 48

by Sypher - November 27, 2023

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

ICO warns UK’s top websites to make cookie changes

ico.org.uk • 1 min read

🚨UK’s Data Protection Authority has warned some of the UK's top websites that they could face enforcement action if they fail to comply with data protection laws, particularly in relation to πŸͺ cookie consent.

The problem: some websites do not give users a fair choice about whether or not to be tracked for personalised advertising. 

The Information Commissioner has previously issued clear guidance ☝️ that organisations must make it as easy for users to "reject all" advertising cookies as it is to "accept all". 

Websites can still serve ads if users opt out of all tracking, but they cannot tailor them to the person browsing.

Targeted companies have 30 days to make changes and ensure their websites comply with the law… read more

Data sharing in healthcare: new techniques for sharing health-related data

lexology.com • 9 min read

πŸ₯In the context of GDPR and current regulatory fragmentation, this article by Studio Legale Stefanelli & Stefanelli underscores the significance of πŸ”„ aligning healthcare data sharing national policies across EU countries for effective data utilisation.

Data sharing in the healthcare industry adds layers of complexity beyond general data sharing ones. This is due to healthcare data serving the 1️⃣ primary purpose of patient treatment and numerous πŸ”’ secondary purposes such as research, public health surveillance, education, or innovation.

The article provides a high-level overview of the existing governance framework at European level, including the European Health Data Space (EHDS), and it explores the intersection of data sharing, cybersecurity, and data access, by analysing several specific industry reports, including the report of the Digital Health Europe (DHE) consortium or the European Union Cyber Security Agency (ENISA)’s report 'Engineering Personal Data Sharing'… read more

Analysis on New EDPB guidelines on the scope of the ‘cookie rule’

lexology.com • 3 min read

πŸͺ As reported in the previous Sypher weekly newsletter, on 14 November the European Data Protection Board published new guidelines on the scope of Article 5(3) of the e-Privacy Directive - the 'cookie rule'.

πŸ”Ž This analysis by DLA Piper is a great overview of the Guidelines, with easy to understand explanations and an insight into the legal background, how the EDPB interprets the 'cookie rule', which πŸ€– technologies are covered and the practical implications that are of interest to any organisation. 

The note also mentions that the Guidelines apply a maximalist interpretation of the cookie rule, meaning that the EDPB considers a wide range of technologies other than traditional cookies to be included. This means that their use will be dependent on obtaining consent…read more

Meta challenges proposed ban on Facebook and Instagram processing personal data for advertising

breakingnews.ie • 5 min read

πŸ‘©‍βš–οΈ The Irish subsidiary of Meta has filed a High Court challenge to a proposed immediate ban on its Facebook and Instagram platforms processing personal data for use in behavioural advertising.

The action comes after the tech company was served with an enforcement notice by the Data Protection Commission last week, informing Meta Platforms Ireland Ltd that it has seven days to stop processing data for use in advertising based on users' online activities and interests.

Failure to comply with the enforcement notice is a criminal offence. The applicant, formerly known as Facebook Ireland, is the controller and service provider for Meta's platforms in Europe… read more

A view from Brussels: A look inside the IAPP Europe Data Protection Congress 2023

iapp.org • 3 min read

πŸ“£ The International Association of Privacy Professionals (IAPP) 12th Europe Data Protection Congress, held in Brussels, brought together nearly 3,000 privacy professionals, regulators, policymakers, academics and researchers for a comprehensive exploration of current issues in privacy and data protection.

This article highlights the most notable moments of the event, which covered topics such as data transfers, GDPR review, EU data regulation, cyber security, online advertising and cross-border enforcement… read more

Stay tuned for more by πŸ“Œ connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.