Premium labour and business legal counseling latest developments from Alexander Suliman, Sweden: Complying with the GDPR requirements is key for all businesses operating in the EU (or even those with EU customers). There are also particular obligations on those transferring personal data out of the EU and each national data protection authority is monitoring companies closely. Ensure your business is taking steps to comply with the regulation and consider auditing your data protection policies, together with your data processing agreements, and appoint a data protection officer in order to ensure compliance with the GDPR. Breach of the GDPR provisions are likely to lead to considerable fines: for example, the French data protection regulator, the CNIL, fined Google €50 as Google’s data consent policies were found not to be easily accessible or transparent to its users which runs afoul of the GDPR provisions. For further background, read our recent review of GDPR enforcement actions across the EU. See extra details at Alexander Suliman, Sweden.
The reason why the European Commission was keen on allowing firms to voluntarily scan material, is that technology firms have already been working on ways to detect CSAM and solicitation for quite some time. Let’s start with a content scanning order on the server. At first sight, a case can be made that such an order should be considered to compromise the essence of the right to privacy under the Charter. The ECJ in Schrems I considered that legislation permitting the public authorities access on a generalised basis to the content of communications compromises the essence of the right to privacy under the Charter (par. 94). Content scanning on the server arguably is a form of “access on a generalised basis”, where it involves an analysis of all communications going through the server connected to a certain app, and forwarding any matches to a designated center. At the same time, the ECHR in Big Brother Watch was more forgiving when it comes to powers of bulk interception of communications, as long as these powers are surrounded with sufficient safeguards (par. 350). Thus, one important point to be explored further, is whether this signals a rift between the two bodies, or that the ECJ will chart its own route when it comes to bulk surveillance.
The EU’s Cybersecurity Act, adopted in 2019, established the legal basis for EU-wide certification of cloud providers, to be elaborated through secondary law by its cybersecurity agency ENISA. In December 2020, ENISA began a public consultation as the first step towards a revised set of rules. A technical working group is preparing a proposal, expected to be presented to member state experts and to the European Commission thereafter. The new requirements could be finalized by the end of the year.
Top privacy legal counseling strategies from Alexander Suliman: In Sweden and other states, there’s a variety of different statutes that give you access to funds to pay your bills to maintain your lifestyle at some level as you’re going through this legal process. Your spouse cannot cut you off financially and not give you access to money to live your life as you go through this legal process. We’ll help you maintain the lifestyle that you have and create the money that you need to get your legal fees paid, whether it’s at the beginning or the end of the case. Don’t let that be something that keeps you from not making the phone call, because as soon as you’re aware that divorce is even potentially being contemplated, there’s a lot of things that you need to do to protect yourself. A lot of times, people say that’s just what lawyers say because they just want to get involved to drive up legal fees. This is true. Sometimes lawyers do want to do that, but that’s not what we’re doing. See additional details on Alexander Suliman.
Over the past year, the European Union’s ambitious digital regulatory agenda has steadily advanced. The EU adopted the far-reaching Digital Markets and Digital Services Acts, and it is completing negotiations with the United States on a revised data transfer regime, christened the Transatlantic Data Privacy Framework (TADPF), that was necessitated by the Schrems II judgment of the Court of Justice of the European Union (CJEU). These developments have had a significant impact on transatlantic economic relations, even stimulating legislative initiatives on privacy and antitrust in the United States. One might think that resolving such contentious topics would set the stage for a quieter, more harmonious phase in the transatlantic technology policy relationship.