Privacy Alerts – week 22


The world of privacy legislation and the protection of personal data is constantly changing. Our bi-weekly Privacy Alerts keep you informed of the latest news and developments in the privacy field.

EDPB harmonises policy rules for privacy fines

The European Data Protection Board has drafted a set of new GDPR fine policy rules in an attempt to correct the current situation of all EU Data Protection Authorities operating within their own individual fine regimes. In the new system, one overall set of policy rules will determine the setting of fine amounts across the (European) board. Initially, as not all EU member states allow for sanctioning of national government agencies, the new guidelines will only apply to commercial organisations. Public institutions will be covered in additional provisions to be published at a later date. The new rules will be available for consultation until June 27 2022.

Twitter settles privacy case

As reported in a press statement by the U.S. Department of Justice, Twitter has agreed to a 150 million dollar settlement in resolution of a privacy dispute that had been dragging on for multiple years. “Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” says the director of FTC, the American Federal Trade Commission. “This practice affected over 140 million Twitter users.” With this settlement, Twitter has now removed the threat of criminal prosecution in the United States.

Dutch ACM: Online sales to be governed by more stringent rules

As of May 28 2022, in the Netherlands additional rules will apply to online sales as a way of offering consumers better protection in the digital economy. Some of the new provisions involve an explicit ban on posting “fake reviews” and the requirement for sellers to provide transparency on offers being based on user profiles or a specific consumer’s purchase history. The new rules, to be enforced by the ACM (Autoriteit Consument & Markt, the Authority for Consumer and Market), will also apply to online services or digital content for which personal information, not actual currency, is the transactional compensation. In these scenarios as well, consumers have the right to previous information, plus a period of reflection. 

European DPA concerns on new money laundering legislation

Serious modifications are required to proposed new European legislation aimed at the prevention of money laundering by making it mandatory for banks and other financial institutions to run more extensive customer checks. In their current form, the proposals may result in account applications being refused for invalid reasons, while also leading to the unnecessary processing of potentially sensitive personal data, including religion- and health-related information. This is the position taken by the European privacy supervisors organised in the European Data Protection Board (EDPB).

While appreciating the proposed legislation’s intention of extending the scope of checks to be carried out by financial institutions, the EDPB is nevertheless concerned that the new requirements will also have undesirable side effects. These concerns have now been expressed in a letter to the European Parliament and the Council of the European Union.

Meta updates privacy policy

Meta has updated the privacy policies related to Facebook, Instagram and Messenger by including new texts and cleaning up the overall design. The tech company claims that the changes are part of a commitment toward ‘better explaining their policies’, which is also expressed in the new information structure now combining privacy policy and privacy settings in one single overview.

In its privacy policy Meta explains, among other things, the collection and processing of information, the retention periods of specific data, the collection of location data and the personalisation of the user experience. The organisation also claims that with the new design, users are getting more adequate information on Meta’s ways of cooperating with partners, suppliers, service providers and third parties.

As of May 26, notifications on the new privacy policy will be posted on Facebook, Instagram and Messenger until the time when the update goes live on July 26. The updated Meta privacy policy will apply to the Facebook, Instagram and Messenger platforms. It will not apply to WhatsApp, Workplace, Messenger Kids and other Meta products.

European Commission publishes Q&A on SCCs

The European Commission has published a Q&A document on Standard Contractual clauses (SCCs) for data transfers under the GDPR. As of December 27, all existing SCCs for international data transfers will cease to be validly applicable, being at that point definitively replaced by the new clauses. As communicated by the Commission, the Q&A document now published includes practical instructions on the use of SCCs and guidance in complying with the new standards. The EC adds that the document is intended as a ‘dynamic’ source of information, to be updated when new questions call for additional discussion.

Recent publications

Privacy Weekly

Subscribe to Privacy Weekly and stay up to date on recent privacy trends and developments.

In search of

Free GDPR|Check

Connect with us

Subscribe to Privacy Weekly

Subscribe to Privacy Weekly
A privacy alert, blog post or white paper in your inbox every Thursday!

We use only functional and analytical cookies to ensure that we give you the best experience on our website. This means that our cookies do not collect personal data. Learn more.