Good checklist and plan, and other information – in German:
https://datenschutz-generator.de/dsgvo-usa-muster-checkliste-scc/
CNIL whitepaper on voice assistants
EDPB: Guidelines 8/2020 on the targeting of social media users (v1, 2-Sep-2020, for public consultation)
Version 1.0
Adopted on 2 September 2020
Version for public consultation
Swiss-US PrivacyShield is dead (08-Sep-2020)
US-Privacy Shield is no longer listed as adequate in list maintained by Swiss Federal Data Protection Office. (updated 8-Sep-2020)
https://www.edoeb.admin.ch/dam/edoeb/de/dokumente/2020/staatenliste.pdf.download.pdf/20200908_Staatenliste_d.pdf
EDöB’s assessment on 8-Sep-2020: https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-80318.html
LfDIBW: Orientierungshilfe SchremsII (7-Sep-2020)
Declassified FISA court ruling on NSA and FBI personal data collection
The recently declassified ruling by FISA Court James Boasberg about NSA and FBI violations of privacy in collecting personal data from tech and telcos,
Full text here:
https://www.intelligence.gov/assets/documents/702%20Documents/declassified/2019_702_Cert_FISC_Opinion_06Dec19_OCR.pdf
CNIL guidance on data deletion and retention
In July 2020, the CNIL (DPA for France) published guidelines on data retention (Guide pratique – Les durées de conservation). https://www.cnil.fr/sites/default/files/atoms/files/guide_durees_de_conservation.pdf
These reflect early CNIL recommendations from 11-Oct-2005 on the archiving of personal data.
They aim to provide practical help to define the data retention rules and periods.
Similar to DIN-66398 (German industry standard on data retention/deletion) they don’t include guidance on specific data categories. https://din-66398.de/
However, CNIL does define data retention periods in separate dcouments (“Référentiel”). Up to now, two such Référentiels have been published for the health sector:
- Recherches dans le domaine de la santé – https://www.cnil.fr/sites/default/files/atoms/files/referentiel_-_recherches_dans_le_domaine_de_la_sante.pdf
- Traitements dans le domaine de la santé (hors recherches) – https://www.cnil.fr/sites/default/files/atoms/files/referentiel_-_traitements_dans_le_domaine_de_la_sante_hors_recherches.pdf
Guidelines 07/2020 on the concepts of controller and processor in the GDPR (succeeds WP169)
The EDPB just published the long-awaited successor of WP 169 of 2010:
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
CNIL Audits – Control Charter (Privacy Inspection)
The DPA for France has published its Control Charter that explains how it conducts privacy inspections.
https://www.cnil.fr/fr/controles-de-la-cnil-une-charte-pour-tout-comprendre
Link to the actual document (in French)
https://www.cnil.fr/sites/default/files/atoms/files/cnil-charte_des_controles.pdf
New Health Apps Section on HHS.gov/HIPAA
OCR launched a new feature on HHS.gov, titled Health Apps. This new webpage takes the place of OCR’s previous Health App Developer Portal, and is available at https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html.
The new webpage highlights OCR’s guidance on when and how the Health Insurance Portability and Accountability Act (HIPAA) regulations apply to mobile health applications, including: