EU-US Privacy Shield
On May 28th, Tech Crunch reported that the General Court of the European Union agreed to hear a complaint brought by the French digital rights group La Quadrature du Net against the European Commission challenging the EU-U.S. Privacy Shield. La Quadrature du Net argued in the complaint that U.S. privacy laws and government surveillance practices fail to meet the data protection standards necessary by EU law and does not provide adequate protection for EU citizens’ data.
General Data Protection Regulation
On March 16th, the European Data Protection Board (EDPB) reported that in the one year since the General Data Protection Regulation (GDPR) took effect, European data protection authorities have received 65,000 data breach notifications and 94,000 total complaints. According to the article, the EDPB estimates that the frequency of data breaches has remained constant, but the rates at which organisations report data breaches has increased significantly.
On May 24th, Irish Commissioner for Data Protection Helen Dixon published a press release on the anniversary of the implementation of the General Data Protection Regulation (GDPR). According to Commissioner Dixon, in the first year of the GDPR:
- 6,624 complaints were received;
- 5,818 valid data security breaches were notified;
- 54 investigations were opened, 19 of which were cross-border investigations; and
- 1,206 Data Protection Officer notifications were received.
Irish Data Protection Commission
On May 22nd, the Irish Data Protection Commission (DPC) initiated a statutory inquiry into Google Ireland Limited for its processing of personal data on it’s the Google Exchange. The DPC investigation will consider if the Google Ad Exchange data processing and data retention practices are compliant with the General Data Protection Regulation.
International Data Flow
On May 27th, the Information Technology and Innovation Foundation (ITIF), a technology policy think tank, released a report recommending that G20 countries adopt trans-border data flow principles that include strong data protection standards. ITIF proposed four core principles for the G20 countries to consider at the G20 Ministerial Meeting on Trade and Digital Economy, which would promote trans-border data exchange while protecting the privacy of the individuals’ data. ITIF recommends that counties:
- Hold organisations accountable for managing data that they collect, regardless if a third-party stores or processes that data;
- Amend the processes for law enforcement requests for access to data stored in another country’s jurisdiction;
- Develop legal and administrative policies to allow Internet service providers to block data flows that involve illegal distribution of unlicensed content; and
- Support encryption in securing data flows and digital technologies.