The Privacy Partnership Podcast with Robert Bateman
Robert Bateman provides the latest on data protection and privacy, with regular solo news updates and short-form interviews. Brought to you by Privacy Partnership: www.privacypartnership.com
The Privacy Partnership Podcast with Robert Bateman
It's here! Major proposed GDPR changes under the Digital Omnibus Regulation
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In this episode of the Privacy Partnership Podcast, Rob walks you through the most important aspects of the proposed Digital Omnibus Regulation.
• A new Article 88c states that processing of personal data for the development and operation of AI systems may be pursued for legitimate interests (p85).
• A new condition under Article 9 allows the processing of special category data for AI training if state-of-the-art security is used and the data is subsequently removed or anonymised (p79).
• Article 4 is amended to clarify that information is not personal data for a given person if they do not have the means "reasonably likely to be used" to identify an individual (p78-79).
• The threshold for notifying a DPA about a data breach would be raised to "high risk," the deadline would be extended to 96 hours, and there would be a new Single Entry Point for breach reporting (p81).
• Article 12 is amended to allow controllers to refuse a data subject rights request where the data subject "abuses the rights conferred by (the GDPR) for purposes other than the protection of their data" (p80).
• ePrivacy rules are absorbed into new GDPR Articles 88a and 88b, introducing a 6-month "cookie fatigue" period and mandating respect for automated browser signals (p83-84).
• There are new rules about automated browser signals with a specific exemption for "media service providers" (p84).
• A new Article 9 derogation permits processing biometric data for verification (authentication) purposes if the data remains under the sole control of the data subject (p79).