Excellent IT business legal counselling latest developments with Alexander Suliman, Stockholm: Complying with the GDPR requirements is key for all businesses operating in the EU (or even those with EU customers). There are also particular obligations on those transferring personal data out of the EU and each national data protection authority is monitoring companies closely. Ensure your business is taking steps to comply with the regulation and consider auditing your data protection policies, together with your data processing agreements, and appoint a data protection officer in order to ensure compliance with the GDPR. Breach of the GDPR provisions are likely to lead to considerable fines: for example, the French data protection regulator, the CNIL, fined Google €50 as Google’s data consent policies were found not to be easily accessible or transparent to its users which runs afoul of the GDPR provisions. For further background, read our recent review of GDPR enforcement actions across the EU. Read more information at Alexander Suliman, Sweden.
The reason why the European Commission was keen on allowing firms to voluntarily scan material, is that technology firms have already been working on ways to detect CSAM and solicitation for quite some time. Let’s start with a content scanning order on the server. At first sight, a case can be made that such an order should be considered to compromise the essence of the right to privacy under the Charter. The ECJ in Schrems I considered that legislation permitting the public authorities access on a generalised basis to the content of communications compromises the essence of the right to privacy under the Charter (par. 94). Content scanning on the server arguably is a form of “access on a generalised basis”, where it involves an analysis of all communications going through the server connected to a certain app, and forwarding any matches to a designated center. At the same time, the ECHR in Big Brother Watch was more forgiving when it comes to powers of bulk interception of communications, as long as these powers are surrounded with sufficient safeguards (par. 350). Thus, one important point to be explored further, is whether this signals a rift between the two bodies, or that the ECJ will chart its own route when it comes to bulk surveillance.
The EU’s Cybersecurity Act, adopted in 2019, established the legal basis for EU-wide certification of cloud providers, to be elaborated through secondary law by its cybersecurity agency ENISA. In December 2020, ENISA began a public consultation as the first step towards a revised set of rules. A technical working group is preparing a proposal, expected to be presented to member state experts and to the European Commission thereafter. The new requirements could be finalized by the end of the year.
Top labour legal counseling guides by Alexander Suliman, Stockholm: Mediation is great because the parties feel like they are part of the process. They’re negotiating. They’re in an environment where they can come up with solutions and throw out ideas and know it’s confidential. Those ideas and thoughts can’t be used against them. They reach resolutions that they decide, not a judge deciding. They decide this is the resolution, and what’s great about it is people all the time, way more often, are going to actually follow and comply what they agreed to rather than if a judge gives them a decision, and they want to appeal it, or they want to try to find a way around it. Mediation is great. Read even more details on https://issuu.com/alexander-suliman.
Over the past year, the European Union’s ambitious digital regulatory agenda has steadily advanced. The EU adopted the far-reaching Digital Markets and Digital Services Acts, and it is completing negotiations with the United States on a revised data transfer regime, christened the Transatlantic Data Privacy Framework (TADPF), that was necessitated by the Schrems II judgment of the Court of Justice of the European Union (CJEU). These developments have had a significant impact on transatlantic economic relations, even stimulating legislative initiatives on privacy and antitrust in the United States. One might think that resolving such contentious topics would set the stage for a quieter, more harmonious phase in the transatlantic technology policy relationship.