Blog

🔒 Key Privacy Update: TikTok Instructed to Address Child Privacy Concerns

In a significant development, the European Data Protection Board (EDPB) has issued a directive to TikTok, mandating changes in the platform’s handling of personal data for users aged 13 to 17. The EDPB found that TikTok’s design practices were not aligned with GDPR fairness principles during the period from July 31 to December 31, 2020.

Transatlantic Data Deal Challenged Before EU Court 📜

A fresh legal challenge has emerged regarding the EU-U.S. Data Privacy Framework, designed to address data transfer concerns between the EU and the United States. This challenge comes merely months after its inception, following the 2020 annulment of its predecessor, Privacy Shield.

Advancing Data Protection in India: The Digital Personal Data Protection Bill, 2023

Big News! 🎉 The Rajya Sabha has approved the Digital Personal Data Protection Bill, 2023 on August 9. This new law introduces stricter rules around handling digital personal information, provides for dedicated officers to address data subject rights, requires methods of redress for individuals, and establishes an Indian Data Protection Board to handle complaints. This law is all about being responsible with data and ensuring fairness in India’s digital world.

Ready for the new Swiss Data Protection Law? Implications for organizations outside Switzerland

The revised Swiss Federal Act on Data Protection (RevFADP), which takes effect from September 1, 2023, brings Switzerland’s data protection regime in line with the GDPR and has significant implications for organizations outside Switzerland. The territorial scope of the RevFADP is broader than the GDPR, applying to activities with an impact in Switzerland even if initiated from abroad. Non-Swiss companies targeting goods or services to Swiss individuals or storing data on Swiss servers must comply. Additionally, organizations caught by the RevFADP’s scope must appoint a representative in Switzerland to serve as their local point of contact for Swiss data subjects and the Swiss supervisory authority (FDPIC). Senior managers and those responsible for an organization’s data protection tasks should take note of the new criminal sanctions of fines up to CHF 250,000 for individuals that have wilfully breached the RevFADP.

🔒 Practical implications following the EU Commission's adequacy decision for the EU-U.S. Data Privacy Framework 🔒

📅 On 10 July 2023, the European Commission adopted its adequacy decision on the EU-U.S. DPF, but what does this mean operationally for transfers from the EU to organizations in the U.S.?

✉️ Transfers of personal data can now be made to U.S. organizations certified as EU-U.S. DPF participants without needing appropriate safeguards like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).