Data Protection Newsletter

√     Newly issued: guidelines on data breach and two sets of SCCs
√     Website Evidence Collector – a free-to-use compliance tool for websites
√     New draft of the ePrivacy Regulation

1.     Newly issued guidance from the European competent bodies

A.     Guidelines 01/2021 on examples regarding data breach notification

The European Data Protection Board (EDPB) issued guidelines on examples regarding data breach notifications. They aim to introduce practice orientated guidance and to help data controllers in deciding how to handle data breaches. The guidelines are currently on the public consultation phase.

B.     EDPB and EDPS adopt joint opinions on new sets of SCCs

On 15 January 2021, EDPB and the European Data Protection Supervisor (EDPS) issued two joint opinions on the proposed standard contractual clauses (SCCs) released by the European Commission in November 2020. The joint opinions refer to SCCs applicable for international transfers and SCCs applicable for controller-processor relationships within EEA. The SCCs are also aligned with the recent requirements arising from the Schrems II Decision.

2.     Website Evidence Collector

EDPS developed an open-source software tool for the automated inspections of websites in relation to privacy and persona data protection. The software is available for download on the European Commission’s collaborative platform Joinup and on the world-wide known software development platform, GitHub. The tool collects evidence of personal data processing, such as cookies or requests to third parties in order to enable controllers and end-users to understand better which information is transferred and stored during their website visit.

3.     New draft of the ePrivacy Regulation

On January 5th, 2021, the Council of the European Union released a new draft version of the ePrivacy Regulation, which is meant to replace the ePrivacy Directive. The regulation aims to safeguard the privacy of end-users, the confidentiality of their communications, and the integrity of their devices.  These requirements and limitations will apply uniformly in all EU Member States.


*This ePublication is provided by Radu Taracila Padurari Retevoescu SCA and is for information purposes only. It does not constitute legal advice or an offer for legal services. The distribution of this document does not create an attorney−client relationship. If you require advice on any of the matters raised in this document, please call your usual contact at Radu Taracila Padurari Retevoescu SCA at +40 31 405 7777.