Date: October 29, 2021
In Case You Missed It: EU Privacy, Data and Consumer Legislative Updates of the Past Month
Date | Tag | News | Link to Source |
October 29 | Cybersecurity | The European Commission announced that it adopted a delegate act to the Radio Equipment Directive (Directive (EU) 2014/53). This act sets out measures to (1) improve network resilience; (2) better protect consumers’ privacy; and (3) reduce the risk of monetary fraud.
The delegated act will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections. |
link |
October 28 | Cybersecurity | European Parliament adopts position on Directive on measures for a high common level of cybersecurity across the Union (“NIS2 Directive”) and starts negotiations with Council | link |
October 20 | AI | European Commission launches public consultation ending on January 10 on the rules on compensation for damage caused by defective products with a specific focus on AI | link and link |
October 19 | Cybersecurity | European Commission invites the EU and Member States to further develop the EU cybersecurity crisis management framework, including by exploring the potential of building a joint cyber unit to tackle the rising number of serious cyber incidents impacting public services, businesses and citizens across the EU | link |
October 19 | Cybersecurity | European Commission will propose a European Cyber Resilience Act to establish common cybersecurity standards, and begin building an EU space-based global secure communications system to provide additional EU-wide broadband connectivity and secure independent communications to Member States | link |
October 13 | Data Protection – Other | European Data Protection Board (“EDPB”) issues guidelines on restrictions under Article 23 GDPR (i.e., restrictions will be defined as any limitation of scope of the obligations and rights provided for in Articles 12 to 22 and 34 GDPR as well as corresponding provisions of Article 5 in accordance with Article 23 GDPR) | link |
October 13 | Children Data | EDPB will adopt guidelines on children’s data | link |
October 13 | Personal Data Transfers | EDPB will adopt guidelines regarding the relationship between the GDPR’s extraterritorial reach and data transfer restrictions. EDPB announced that the European Commission will develop a new set of standard contractual clauses for data transfers from the EEA to a non-EEA entity that is subject to the extra-territorial scope of the GDPR. | link |
October 13 | Digital Services | EDPB will adopt statement on overarching concerns regarding legislative proposals in Digital Services Package | link |
October 12 | Cybersecurity | European Parliament adopts position on new rules on EU critical infrastructure entities | link |
October 7 | AI | European Consumer Organization (“BEUC”) issues position paper on the AI Act | link |
October 6 | AI | European Parliament adopts resolution on AI in criminal law and its use by the police and judicial authorities in criminal matters | link |
October 1 | Open Data | Council of the EU approves version of the Data Governance Act, which will now be negotiated with the European Parliament | link and link |
What’s Coming Next
- Negotiations on the Data Governance Act between Parliament and the Council are scheduled for November 9, and early December (see here)
- Council of the EU is preparing position on the evaluation and findings on the application of the Directive (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties (see here)