Included in this edition of data & privacy news; Data Download Brexit & Data Protection webinar; clearview AI to be investigated by UK & Australia data regulators; TikTok deletes 49 million videos due to rule-breaking; and more...


Data Download Webinar on Tuesday 21 July 

Join our Data Management Team on Tuesday 21 July at Midday to hear about Brexit and Data Protection, particularly:

  • what will not change from 1 January 2021;
  • data protection implications in the case of a No Deal and in the case of a Deal;
  • managing data transfers to and from the EEA; and 
  • appointing a GDPR EU or a UK Representative.

Sign up here >

External Contact Tracing Webinar on Wednesday 15 July 

AG's Data Partner, Nathalie Moreno, will be joining the panel of the Wall Street Journal Pro Cybersecurity webinar where she'll be speaking about contact tracing on 15 July 2020.  

Click here to be navigated to the Wall Street Journal to register.

CJEU to rule in Schrems II case on 16 July 2020

On Thursday 16 July 2020, the Court of Justice of the European Union (CJEU) will make its long anticipated ruling in the Schrems II case against Facebook. This ruling will determine the extent to which the standard contractual clauses (aka model clauses) continue to be a valid form of adequate protection for the transfer of personal data outside the EEA under GDPR. The Advocate General opined last December that the clauses remain sufficient although raised questions around the protection of personal data in the US given the powers available under its national security laws. In any event, the Advocate General noted that each transfer should be assessed on a case by case basis. Although not binding many anticipate that the CJEU will follow the Advocate General's finding.  

Discussion paper published on draft E-Privacy Regulation

The German Presidency of the Council of the European Union has published a discussion paper on the draft E-Privacy Regulation to be considered during the next Working Party discussions.

The German Presidency have said that the starting point will be the Croatian Presidency's compromise proposal 6543/20, which aims to reach a General Approach or a mandate to begin informal European Parliament trialogue negotiations. 

Member States have until 24 July 2020 to submit written comments to the German Presidency to assist in drafting a new compromise text. 

EDPS publishes opinions on EC's AI White Paper and strategy for data

The European Data Protection Supervisor (EDPS) has published opinions on Al and data strategy in response to the European Commission's (EC) publications on the subjects.  

  • Strategy for data – the EDPS generally welcomes the strategy approach and expects to be consulted on any legislative follow-up that transpires from the strategy
  • Al White Paper – the EDPS welcomes the proposal for a European approach to Al and makes recommendations for a new regulatory framework for Al

TikTok deletes 49 million videos for rule-breaking over 6 month period 

In its latest transparency report, TikTok confirmed that it had deleted more than 49 million videos between July and December 2019 for rule-breaking. 

The video-sharing app, owned by Chinese firm ByteDance, revealed it had received around 500 data requests from governments and police and had complied with about 480 of such requests. 

Due to cyber-security concerns, the app is currently banned in India. The US has also suggested it is "looking at" whether to ban it. 

Clearview Al to be investigated by UK and Australia data regulators

The UK ICO and the Australian Information Commissioner have announced a joint investigation into Clearview Al, a facial recognition company, that scrapes social media sites.

The company is already been investigated by the Office of the Privacy Commissioner of Canada for using technology to collect images and make facial recognition available to law enforcement. 

Clearview Al has said it is withdrawing its services from Canada, in response to the investigation by the privacy protection authorities.

First candidate cybersecurity certification scheme consultation launched by ENISA 

The European Union Agency for Cybersecurity (ENISA) has launched a consultation for the first candidate cybersecurity certification scheme. 

The scheme, named the Common Criteria based European cybersecurity certification scheme, has been developed under the Cybersecurity Act (EU) 2019, which aims to establish an EU-wide cybersecurity framework to strengthen the digital market.

The consultation ends on the 2 August 2020.

Report suggests data breach fines could surge this year

A report by DSA Connect claims data breach fines will increase in the near future due to employees having more access to data, which could be mishandled and breached. 

Of the 1,000 workers polled for the report, a third said they had worked with more data over the last year and more than a third (37%) claimed they expected both the number and value of fines to rise by 2025. 

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile
Dr. Nathalie Moreno

Dr. Nathalie Moreno

Partner, Commercial Services
London

View profile
Beatrice Duke

Beatrice Duke

Managing Associate, Commercial
Leeds, UK

View profile
Jo McLean

Jo McLean

Managing Associate, Intellectual Property
Edinburgh, UK

View profile
Annabelle Gold-Caution

Annabelle Gold-Caution

Managing Associate, Commercial
Manchester

View profile