Tech, Data, Telecoms & Media updates

Austria

Contributed by Schoenherr
Facial recognition technology: regulations and use
  • Austria
  • 16 April 2021

In recent years there has been an increased use of technologies that match a person's digital image to a picture database. While the Austrian legal system does not expressly permit the use of such technology, the Ministry of the Interior uses it to identify unknown perpetrators suspected of intentionally committing a criminal offence. Austrian privacy experts worry that without an explicit legal basis, the use of facial recognition software may result in the gradual extension of powers.

Dashcams – safety versus privacy? The Austrian perspective
  • Austria
  • 27 November 2020

Dashcams have become increasingly popular in recent years and a built-in dashcam is now the most sought-after feature among car buyers. Buyers' primary motivation is self-explanatory: recorded footage can be used as evidence in case of an accident. However, whether dashcams are incompatible with privacy and data protection law and thus illegal on Austrian roads is a tricky question.

Third COVID-19 Act: lawfulness of processing employee health data
  • Austria
  • 08 May 2020

Parliament recently enacted the Third, Fourth and Fifth COVID-19 Acts. Although these laws have significantly changed the Austrian legal framework, none of them include data protection provisions. Thus, the legislature appears to have overlooked a significant data protection issue arising from the new law – namely, the conflict of interests between the amended Social Insurance Act and the EU General Data Protection Regulation.

COVID-19: telecoms and data protection developments
  • Austria
  • 01 May 2020

Due to the COVID-19 pandemic, telecoms providers must now send mass alerts (eg, regional access prohibitions) via text message on order of the government and provide traffic and location data for the purposes of evaluating whether individuals are complying with quarantine orders. In addition, a number of legislative developments have taken place with respect to data protection. This article outlines these recent changes.

Article 15(3) of GDPR and right to access files or documents – an Austrian perspective
  • Austria
  • 20 December 2019

With the adoption of the EU General Data Protection Regulation, the EU legislature intended to strengthen the rights of individuals (ie, data subjects or applicants) by giving them greater control over how their personal data is used. Applicants must be informed of the processing of their personal data and be able to verify whether such processing is lawful. Accessing documents is not necessary to achieve that goal. This view is supported by two recent Austrian decisions.


Belgium

Contributed by AKD
Litigation Chamber rules on validity of employee consent under GDPR
  • Belgium
  • 11 December 2020

The Litigation Chamber of the Data Protection Authority (DPA) recently provided welcome clarifications concerning the validity of employee consent. The DPA decided that the free consent of employees was possible and could be valid if all other conditions of Article 4.11 of the EU General Data Protection Regulation were fulfilled and that the data was collected for a specified and legitimate purpose but the purpose of the processing was not explicit.

DPA reprimands hospital for violating employee's access and information rights
  • Belgium
  • 18 September 2020

The Litigation Chamber of the Data Protection Authority recently issued a reprimand to a hospital for its violation of an employee's access and information rights regarding an audit, which had led to the employee's dismissal. Specifically, the hospital had refused the employee access to the external expert's audit report which had formed the basis of its decision to dismiss the employee.

DPA fines social media platform for data processing during referral programme
  • Belgium
  • 03 July 2020

The Belgian Protection Authority (DPA) recently fined a social media platform €50,000 for processing personal data during the scope of a referral programme without an appropriate legal basis. This decision is particularly relevant because it was rendered on the basis of the one-stop-shop mechanism and all of the national authorities concerned validated the DPA's reasoning.


Brazil

Comparative advertising and its limits
Montaury Pimenta, Machado & Vieira de Mello
  • Brazil
  • 05 February 2021

In an increasingly hostile market, companies have taken an innovative approach to advertising, seeking to ensure consumer loyalty. This has included comparing their products and services with those of competitors in an attempt to convince consumers that theirs are the best. However, is this type of advertising, which is (in theory) harmful to competitors whose products and services are shown as being inferior, allowed?


Cayman Islands

Contributed by Ogier
CIMA releases updated Rule and Statement of Guidance – Cybersecurity for Regulated Entities
  • Cayman Islands
  • 18 September 2020

The Cayman Islands Monetary Authority (CIMA) has updated its Rule and Statement of Guidance – Cybersecurity for Regulated Entities following feedback received during a private sector consultation. The rule, which sets out CIMA's requirements in relation to the management of cybersecurity risks, is a clear and precise directive that creates binding obligations, the breach of which may lead to a fine or regulatory action being taken by CIMA.


China

Contributed by AnJie Law Firm
Comments sought on information security measurement and evaluation specification of apps
  • China
  • 11 June 2021

The National Information Security Standardisation Technical Committee recently issued the Information Security Technology – Personal Information Security Measurement and Evaluation Specification in Mobile Internet Applications (Draft for Comment). The draft for comment sets out the implementation processes for carrying out the measurement and evaluation of personal information security in mobile apps in accordance with the Information Security Technology - Personal Information Security Specification.

Comments sought on specifications for personal information de-identification
  • China
  • 04 June 2021

The National Information Security Standardisation Technical Committee recently issued the Information Security Technology – Gradation and Evaluation for the Effect of Personal Information De-identification (Draft for Comment). The draft for comment clarifies that the identifiability of personal information can be categorised into one of four grades, based on the risk of re-identification, and can be used to evaluate the effectiveness of personal information de-identification activities.

CAC proposes stringent data protection rules for automobile sector
  • China
  • 28 May 2021

The Cyberspace Administration of China recently issued Several Provisions on the Safety Management of Automobile Data (Draft) to solicit public opinion. The draft provisions provide a series of stringent data protection and cybersecurity rules for the automobile sector which will affect almost all players in the automobile industry chain. This article summarises the noteworthy rules that the draft provisions propose.

Supreme People's Procuratorate issues provisions on handling of cybercrime cases
  • China
  • 19 March 2021

The Supreme People's Procuratorate recently issued the Provisions on the Handling of Cybercrime Cases by the People's Procuratorates, which include general provisions, as well as provisions on the guided collection of evidence and case reviews, the review of electronic data and court attendance in support of public prosecutions. Among other things, the provisions require the people's procuratorates to strengthen the penalties handed down in cybercrime cases.

MIIT launches cybersecurity pilot programme
  • China
  • 12 March 2021

The Ministry of Industry and Information Technology recently issued the Circular on Launching the Pilot Programme on Classified and Graded Management of Cybersecurity of Industrial Internet Enterprises. The pilot programme is initially scheduled to launch in 15 provinces and aims, among other things, to perfect the rationality, effectiveness and operability of the rules, standards, classification procedures and grading for industrial internet cybersecurity.