This Week in Privacy: 23 May 2022
May 23, 2022
Brazil: ANPD calls for comments on regulation of international data transfers
The Brazilian data protection authority opened a call for comments on the regulation of international data transfers.
The ANPD stated that the regulations would be released in stages with the first stage focusing on the contractual instruments for international data transfers, namely Standard Contractual Clauses ('SCCs'), specific contractual clauses, and Binding Corporate Rules ('BCRs').
Comments must be submitted by 17 June.
Read more here.
France: CNIL publishes criteria for assessing legality of cookie walls
The French data protection authority published guidance on the criteria for assessing the legality of cookie walls.
CNIL highlighted the guidance follows the Council of State's decision of 19 June 2020 whereby it ruled that CNIL could not impose a blanket ban on the use of cookie walls.
The new guidance provides that if the requirement of 'free' consent under the GDPR does not lead to a general ban on the practice of cookie walls, their legality must be assessed taking into account in particular the existence of real and satisfactory alternatives offered in the event of users refusing the deposit of cookies on their terminal devices.
Read more here.
EU: EDPB adopts guidelines on calculation of fines and use of FRT in law enforcement
The European Data Protection Board adopted its guidelines on the calculation of administrative fines for public consultation.
The Administrative Fines Guidelines aim to harmonise the methodology that data protection authorities use, including harmonised 'starting points' for the calculation of a fine. In addition, the EDPB highlighted three elements, which include the categorisation of infringements by nature, the seriousness of the infringement, and the turnover of a business. Furthermore, the EDPB emphasised that the Administrative Fines Guidelines set out a five-step calculation methodology.
The consultation period closes on 27 June.
Read more here.