Parliament recently enacted the Third, Fourth and Fifth COVID-19 Acts. Although these laws have significantly changed the Austrian legal framework, none of them include data protection provisions. Thus, the legislature appears to have overlooked a significant data protection issue arising from the new law – namely, the conflict of interests between the amended Social Insurance Act and the EU General Data Protection Regulation.
Due to the COVID-19 pandemic, telecoms providers must now send mass alerts (eg, regional access prohibitions) via text message on order of the government and provide traffic and location data for the purposes of evaluating whether individuals are complying with quarantine orders. In addition, a number of legislative developments have taken place with respect to data protection. This article outlines these recent changes.
With the adoption of the EU General Data Protection Regulation, the EU legislature intended to strengthen the rights of individuals (ie, data subjects or applicants) by giving them greater control over how their personal data is used. Applicants must be informed of the processing of their personal data and be able to verify whether such processing is lawful. Accessing documents is not necessary to achieve that goal. This view is supported by two recent Austrian decisions.
'Influencer marketing' means taking advantage of bloggers and other persons who have their own social media channels to promote goods and services. While the concept of transmitting arguably hidden advertising is problematic, there are many variations of this and the lines between hidden advertising and personal opinion are often blurred. As such, the Advertising Council recently issued guidelines for dealing with influencer marketing as a specific means of marketing communication.
The EU General Data Protection Regulation (GDPR) has created a new understanding and awareness of data protection. Despite being a directly applicable legal act, the GDPR has created significant work for the Austrian federal legislature, which has chosen to impose it by implementing the narrow but general Data Protection Act and introducing amendments to ordinary legal acts individually. However, these amendments are essentially limited to wording adjustments and restrictions on data subjects' rights.
The Belgian Data Protection Authority (DPA) recently fined a social media platform €50,000 for processing personal data in the context of a referral programme without an appropriate legal basis. This decision is particularly relevant because it was rendered on the basis of the one-stop-shop mechanism and all of the national authorities concerned validated the DPA's reasoning.
The president recently approved, with a partial veto, the Project for a General Law regarding Data Protection. The law will regulate the processing of personal data in Brazil. Even though this adaptation may be costly and time consuming, the enforcement of the law is expected to guarantee greater protection of personal data, increasing confidence in Brazil's economic environment.
The App Special Governance Panel recently issued the 2019 Special Governance Report on Apps for Illegal Collection and Use of Personal Information, summarising governance efforts from January 2019. According to the report, illegal collection and use activities by apps will be cracked down on and enterprises' capacity to protect personal information will be greatly improved. Further, knowledge of personal information protection by apps should be extensively available.
According to the Notice of the People's Bank of China on Issuing Financial Industry Standards on Strengthening the Security Management of Mobile Financial Client Application Software, the National Internet Finance Association of China has organised a real-name filing for mobile financial apps. There are 73 apps in the first batch to be filed with the association.
The Ministry of Industry and Information Technology (MIIT) recently established third-party testing institutions to monitor mobile apps and ordered app operators found to have infringed users' rights and interests to rectify this problem. The MIIT subsequently found that 16 app operators had failed to meet the rectification requirements and ordered them to comply with its request.
In the first quarter of 2020, the Network Security Department of the national public security organs reportedly developed its functions, strengthened the protection of citizens' personal information and, in accordance with the law, investigated and dealt with 386 illegal apps for collecting citizens' personal information. This article provides a brief summary of the department's activities.
To further regulate the dissemination of information online and protect the public interest, the Cyberspace Administration of China (CAC) recently launched a nationwide 'clean up the Internet' campaign lasting eight months from May 2020. According to the CAC, the campaign comprehensively covers various online communication channels and platforms and aims to remove illegal and harmful information from the Internet.
At present, the regulation of the AI sector in Croatia is practically non-existent, as is the case in many other EU member states. This might be viewed as troublesome, as the technology is advancing rapidly without a specific legal control system to provide guidance. However, the issues arising from the use of AI are complex and difficult to foresee, which makes the legislative process time consuming and demanding.
Croatia has among the lowest numbers of infected persons and persons requiring hospital care due to the COVID-19 outbreak. Despite this fact, the government has amended the Electronic Communications Act, enabling the legal use of mobile data as an additional tool in its strategy to combat the pandemic. However, the process has been hindered by the opposition, which finds the amendments potentially unconstitutional and unjustified.
The European Commission's recent communication shows that only two member states have adopted the national legislation required to implement the EU General Data Protection Regulation. Others, Croatia included, are at different stages of the process. To meet the May 25 2018 deadline, Croatia should promptly address its national approach to open issues – in particular, its policies surrounding administrative fines.