Guidance needed from the European Data Protection Board.

The decision from the Court of Justice of the European Union (CJEU) on the adequacy failings of the protection provided by the EU-US Privacy Shield has left organisations in confusion. While the Shield is out and Standard Contractual Clauses remain, organisations will have to satisfy themselves about the level of the data protection law in the country where they transfer data. National EU DPAs need to unite now in terms of their response.

Clearview’s practices processing facial recognition data have been attracting the attention of individual DPAs, and collectively as the European Data Protection Board (EDPB). The EDPB is doubtful whether a legal basis can be found for using Clearview AI services in the EU.

As Amazon issues a one-year moratorium for police use of its facial recognition tech, the EU Commission ponders whether legislation is needed for AI. It is not expected that the GDPR will be amended in light of new technologies now that the Commission has made its and stakeholders’ views clear in its review.

Last year, the Planet-49 case on cookies made organisations aware of the tricky issue of cookie consent. What has happened in Germany with this ruling of the CJEU, and how does it impact cookie compliance? Read our correspondent’s analysis.

After a long wait, many parts of South Africa’s privacy law are now in force, and Jamaica has legislated, mostly in GDPR-style. Both laws have GDPR-influenced definitions of common terms.

As the pandemic has put a strain on everyone’s personal and professional life, what lessons can be learned on managing the crisis? Our contributor from Korea says that while his country is regarded as a successful in containing the spread of Covid-19, its actions have been criticised by privacy activists. Please send me ( your views on returning to the workplace after the pandemic.

Laura Linkomies
Editor, Privacy Laws & Business

August 2020