This Week in Privacy: 15 February 2021
February 15, 2021
Council agrees position on ePrivacy Regulation
The Council of the European Union announced that it had reached agreement on the proposed ePrivacy Regulation. The draft ePrivacy Regulation has been under debate for a number of years, and would overhaul the existing regime under the current ePrivacy Directive. The Council highlighted new rules applicable to cookies, including that making access to a website dependent on consent to the use of cookies for additional purposes as an alternative to a paywall will be allowed if the user is able to choose between that offer and an equivalent offer by the same provider that does not involve consenting to cookies. In addition, according to the Council, to avoid cookie consent fatigue, an end-user will be able to give consent to the use of certain types of cookies by whitelisting one or several providers in their browser settings. The draft Regulation also includes rules on online identification and public directories, as well as unsolicited and direct marketing.
The Portuguese Presidency will now commence negotiations with the European Parliament on the final text of the Regulation.
NYDFS issues cyber insurance risk framework
The New York State Department of Financial Services issued a Cyber Insurance Risk Framework, marking the first time a regulator in the US has issued specific guidance on cyber insurance. In particular, the Framework applies to all authorised property or casualty insurers that write cyber insurance, and outlines best practices for managing cyber insurance risk. The Framework recommends the establishment of a formal cyber insurance risk strategy, determining whether an insurer is exposed to silent or non-affirmative cyber insurance risk and managing this exposure, regularly evaluating systemic risk and planning for potential losses, obtaining cybersecurity expertise through recruitment, and requiring notice to law enforcement in the event of a cyber attack.
DCMS publishes draft Trust Framework on future use of digital identities for public comment
The UK Department for Digital, Culture, Media & Sport published its draft Trust Framework for governing the future use of digital identities. In particular, the Trust Framework relates to data protection, security, and inclusivity, and is part of the DCMS' work in relation to simplifying procedures for individuals to verify themselves using technology. The Trust Framework includes principles, policies, procedures, and standards governing the use of digital identity to allow for the sharing of information to check people's identities or personal details, such as a user's address or age, in a trusted and consistent way, aiming to enable interoperability and increase public confidence. The Trust Framework also outlines specific standards and requirements for organisations which provide or use digital identity services.