CNIL Open Data initiative

Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.

  • Contact information for Data Protection Authorities around the world
  • Number of formal notices notified each year since 2014
  • Number and type of sanctions notified each year since 2014
  • Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
  • List of notifications of personal data breaches received by the CNIL
  • List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
  • Number of complaints received annually by the CNIL since 1981
  • etc.

Germany: DIGA digital health applications can’t use Standard Contractual Clauses

in German:
According to the external legal blog post below, DIGA does not allow for standard contractual clauses for transfer of data in countries without an EU adequacy decision. (Note: Not all health apps fall under DIGA).
– This leads to an impact to apps, if US Privacy Shield would not survive Schrems II in mid-July 2020 – in the context of US 3rd parties used (e.g. Google Firebase, etc).

Germany BfDI: Position paper on Anonymization (with focus on telecoms)

My high-level reading (I’m not a lawyer..):

  • Anonymization is viewed as a processing activity and requires a legal basis. (The paper argues different approaches).
  • Transparency obligations must be met.
  • Anonymization can be used as an alternative to deletion.