New guidelines for calculating GDPR fines in the EU for data privacy violations
The EDPB has adopted guidelines to harmonise regulators’ methodology for calculating fine amounts.
In our consultants’ view, the new Guidance on the imposition of Fines provides a clear sequence of actions for the supervisory authority to follow when calculating a fine. Without any doubt, it’s accompanied by examples. The adoption of such Guidelines not only simplifies the task of supervisory authorities and unifies the approach to calculating fines, but also makes the system more transparent and fair. Now, the supervisory authorities are obliged to take into account not only the circumstances of the violation, but also the context. Businesses, in turn, have the opportunity to predict the consequences of possible violations in the field of privacy and to choose a more conscious approach to personal data protection.
How GDPR Is Failing
May 25 marked 4 years since the GDPR went into effect. What is happening now?
Our professional team thinks the effectiveness of the Regulation is questioned due to the lack of a unified approach to its enforcement. However, such assessments are somewhat premature: GDPR was adopted relatively recently and covers a lot of issues relevant to the field of privacy, so it is quite natural that developing and enforcing a unified approach to everything will take some time. The Regulation should not be perceived as a panacea, because it cannot justify such high expectations only 4 years after its adoption.
Twitter agrees to pay $150M for breaking privacy promises
Twitter has agreed to pay $150 million as part of a settlement with regulators over allegations that the social media company misrepresented the “security and privacy” of user data over several years.
In the opinion of our experts, Twitter’s decision to pay $150 million is significant primarily because it is not a fine but voluntary compensation resulting from the agreement. In addition, the social network also pledged to improve its approach to data protection. Although the sanctions aspect is certainly present here, the point is a softer approach that cultivates a responsible attitude to personal data protection in the social network. Building a perception of responsibility not only as the inevitable negative consequences of a violation, but also as a conscious approach to personal data protection, can be a very promising method for ensuring GDPR compliance.
The Data Privacy Office Europe team discussed the main difference between GDPR and new UAE legislation during the webinar organized on June 1st.
According to the Data Privacy Regulation framework in the United Arab Emirates, namely the Federal Data Protection Law No. 45 of 2021, businesses need to incorporate its requirements into their current business processes to ensure compliance.
During the event, the speakers considered the data protection legislation of the UAE in the context of the legal system. It is obvious that the same piece of legislation, when brought into a different legal environment, legal culture and legal tradition, works differently.
The territorial scope of the Federal law in the UAE is quite straightforward. It is very similar to GDPR: if you are a controller or processor inside the UAE, you should follow the law. Even if your company is not established in the UAE, there might be cases when you process the personal data of subjects that are in the UAE. In this situation you have to follow UAE law too. But if you are outside the UAE and you don’t process personal data within the UAE, the law doesn’t apply. Among the exemptions would be Dubai International Financial Center Law No. 5 of 2020, which has its own articles devoted to territorial scope.