For­eign announcement

Trans-Atlan­tic Data Pri­va­cy Frame­work: Exe­cu­ti­ve Order expec­ted next week 

Accord­ing to a report by the news por­tal Poli­ti­co, the White Hou­se will publish an exe­cu­ti­ve order on trans­at­lan­tic data trans­fers next week. The report is based on unof­fi­cial state­ments from the White Hou­se. This will be fol­lo­wed by a rati­fi­ca­ti­on pro­cess by the Euro­pean Com­mis­si­on, which will take until

VUD: FAQ on the use of cloud technologies 

In view of the dis­cus­sions cur­r­ent­ly under­way, the Asso­cia­ti­on for Cor­po­ra­te Data Pro­tec­tion (VUD) has published “FAQ on the use of cloud tech­no­lo­gies”. The docu­ment is dated August 26, 2022 and is avail­ab­le here on the VUD web­site. The FAQ or the ans­wers are avail­ab­le after

TIAs: FAQ about the Rosen­thal method 

David Rosen­thal has famous­ly made avail­ab­le several forms that sup­port risk assess­ments rela­ted to trans­fers of per­so­nal data abroad (see here for more on this). So far, they are the fol­lo­wing forms, in logi­cal order: Sur­vey of Local Law with Refe­rence to Law­ful Access:

Den­mark: Ban on the use of Chrome­books and Goog­le Work­s­pace by municipalities 

In a deci­si­on dated July 14, 2022, the Danish data pro­tec­tion super­vi­so­ry aut­ho­ri­ty, Data­til­syn­et, com­men­ted on the use of Goog­le pro­ducts by a muni­ci­pa­li­ty and in par­ti­cu­lar on the trans­fer to the USA: Deci­si­on in the Danish ori­gi­nal Ger­man trans­la­ti­on (DeepL, PDF) Back­ground and prohibitions

Ire­land: Face­book faces ban on data dis­clo­sure to U.S.

Accord­ing to media reports, the Irish data pro­tec­tion aut­ho­ri­ty intends to pro­hi­bit the dis­clo­sure of data from Ire­land to the USA wit­hin the Face­book group. It is said to have sent a draft of a cor­re­spon­ding deci­si­on to the other Euro­pean data pro­tec­tion aut­ho­ri­ties for com­ment, in the pro­ce­du­re under Art. 60 GDPR.

Ita­ly: Use of Goog­le Ana­ly­tics also prohibited 

After Austria (data pro­tec­tion aut­ho­ri­ty) and Fran­ce (CNIL), Ita­ly (the Garan­te) also restricts the use of Goog­le Ana­ly­tics: Media release (EN) Deci­si­on (PDF, IT) Deci­si­on trans­la­ted (PDF, DE) The Garan­te joins the deci­si­ons of Austria and Fran­ce in the mat­ter. First

FDPIC: Doubts about the risk-based approach 

On June 13, 2022, the FDPIC published an “Opi­ni­on on Suva’s data pro­tec­tion risk assess­ment on the Digi­tal Work­s­pace ‘M365′ pro­ject”, dated May 13, 2022. The docu­ment is avail­ab­le here tog­e­ther with a sum­ma­ry and with a respon­se from Suva