Included in this edition of data & privacy news: ICO launches consultation on data ethics plan; the EC proposes new Regulation on European data governance and launches consultation and more...

ICO launches consultation on data ethics plan

The ICO has launched a consultation asking organisations and individuals what their current or future plans are for data ethics.

The ICO is looking to hear about the data ethical frameworks that data protection individuals use, the ease of translating data ethical frameworks into practical steps, whether existing decision-making steps or documents contain data ethics and if organisations have a Data Ethics Board. 

The consultation closes on 16 December 2020. Responses will not be used in respect of regulatory action. 

EDPB adopts statement on draft e-Privacy Regulation 

The European Data Protection Board (EDPB) has adopted a statement on the draft e-Privacy Regulation, which includes what the future role of supervisory authorities and the EDPB will be and stressed the need to approve it as soon as possible. 

The EDPB has expressed concerns around discussions on enforcement of the future e-Privacy Regulation saying it could lead to fragmented supervision, procedural complexity and legal uncertainty for individuals and organisations. Many of the provisions of the Regulations are intertwined with the GDPR, so enforcement should be entrusted to the same authority. 

French data protection regulator fines Carrefour for compliance failures 

The French data protection regulation, CNIL, has fined Carrefour France €2.25 million and Carrefour Banque €800,000 for a number of data protection compliance failures. 

CNIL found that the companies had failed to obtain cookies consent, respect data subject rights, had excessive data retention periods of 4 years and were carrying out unfair processing of data. 

When considering the fine, CNIL took into account Carrefour's significant remedial action following the investigation and the extra resources it had allocated to deal with data subject requests.

European Commission proposes new Regulation on European data governance and launches consultation

The European Commission (EC) has published a proposal for a new Regulation on European data governance that will encourage the sharing of data across sectors and member states, as well as the exchange of data generated by public and private sector organisations. 

Data generated by public bodies, organisations and individuals is continually growing and expected to multiply by 5 from 2018 to 2025. The EC believes the new Regulations will better exploit this ever-growing data into a trustworthy European framework. 

The EC has launched a consultation alongside the publication of the Regulations. The consultation closes on 21 January 2021. 

EU home affairs ministers release statement on data encryption

In response to recent terrorist attacks in Europe, EU home affairs ministers have released a joint statement, which asks for a review of the data exchange framework for transactional crime matters for terrorism cases. 

The home office ministers stated the European Council must consider the matter of data encryption so that digital evidence can be collected lawfully and used by competent authorities whilst maintain trustworthiness of encryption based products and services.