第1期 | DPOHUB全球数据合规头条（6月21—6月27日）

DPOHUB

全球数据合规头条

Data Compliance Global Hotspot

EU adequacy decision for 

South Korea

欧盟对韩国做出的充分性决定

In March 2021, representatives of the European Commission and South Korea's Personal Information Protection Commission announced the successful conclusion of the adequacy discussions between the European Union and the Republic of Korea. As a follow-up to this announcement, in June 2021 the European Commission published its draft South Korean adequacy decision. If adopted, the decision would mean European Economic Area personal data can be freely transferred to commercial operators and public authorities in South Korea on the same basis as intra-community data sharing arrangements. IAPP Senior Westin Research Fellow Jetty Tielemans offers a breakdown of the commission's latest adequacy decision.

2021年3月，欧盟委员会和韩国个人信息保护委员会的代表宣布，欧盟和韩国之间的充分性讨论已经成功结束。作为这一宣布的后续行动，2021年6月，欧盟委员会公布了韩国的充分性决定草案。如果获得通过，该决定将意味着欧洲经济区的个人数据可以在与社区内数据共享安排相同的基础上自由转移给韩国的商业运营商和公共机构。

ECHR rules against RTBF 

claim

欧洲人权法院裁定反对一起针对

被遗忘权的索赔

The European Court of Human Rights rendered a decision against an individual's right to be forgotten. The case, which previously went through Belgian courts, involved a request to a media outlet seeking to clear potentially damaging information about an individual from the archives on the publication's website. The ECHR found the publisher was not obligated "to check their archives on a systematic and permanent basis" and would not need to do so in the future "unless they received an express request to that effect."

欧洲人权法院作出了一项反对个人被遗忘权的裁决。此案曾在比利时法院审理，涉及向一家媒体提出的请求，要求从该出版物网站的档案中清除关于某人的潜在有害信息。欧洲人权法院认为，出版商没有义务“在系统性和永久性的基础上检查他们的档案”，而且将来也不需要这样做，“除非他们收到这方面的明确请求”。

Talks on data exchanges, AI highlight EU-US Ministerial Meeting

关于数据交换和人工智能的会谈

成为欧盟-美国部长级会议的亮点

In a joint statement, the Council of the European Union and the U.S. Departments of Justice and Homeland Security detailed their discussions at the EU-U.S. Ministerial Meeting on Justice and Home Affairs. The two sides agreed the Passenger Name Record agreement remains "a key instrument" in fighting terrorism and will use it while "respecting privacy requirements." There was also an agreement to "negotiate as soon as possible" a deal on electronic evidence sharing. Additionally, the delegations shared thoughts on law enforcement's use of artificial intelligence, acknowledging "the potential benefits and risks."

欧盟理事会和美国司法部和国土安全部在联合声明中详细介绍了他们在欧盟-美国司法和内政事务部长级会议上的讨论。双方同意乘客姓名记录协议仍然是打击恐怖主义的“关键工具”，并承诺将在“尊重隐私要求”的情况下使用它。双方还同意“尽快谈判”一项关于电子证据共享的协议。此外，两国代表团分享了对执法部门使用人工智能的想法，承认了其“潜在的好处和风险”。

EDPB adopts final version of Recommendations on supplementary measures

EDPB通过了关于补充措施的建

议书的最终版本

During its plenary session, the EDPB adopted a final version of the Recommendations on supplementary measures following public consultation. The Recommendations were first adopted in November 2020 following the CJEU Schrems II ruling. They aim to assist controllers and processors acting as data exporters with their duty to identify and implement appropriate supplementary measures where they are needed to ensure an essentially equivalent level of protection to the data they transfer to third countries. 

在全体会议上，欧盟数据保护委员会（EDPB）在征询公众意见后通过了关于补充措施的建议书的最终版本。这些建议于2020年11月在欧洲法院（CJEU）Schrems II裁决后获得首次通过。它们旨在协助作为数据输出者的控制者和处理者履行其职责，在需要时确定和实施适当的补充措施，以确保接收数据的第三国具有与欧盟基本相同的数据保护水平。

Antitrust: Commission opens investigation into possible anticompetitive conduct by Google in the online advertising technology sector

反垄断：欧盟委员会就谷歌在线

广告技术可能的反竞争行为展开

调查

The European Commission has opened a formal antitrust investigation to assess whether Google has violated EU competition rules by favouring its own online display advertising technology services in the so called “ad tech” supply chain, to the detriment of competing providers of advertising technology services, advertisers and online publishers. The formal investigation will notably examine whether Google is distorting competition by restricting access by third parties to user data for advertising purposes on websites and apps, while reserving such data for its own use.

欧盟委员会已启动正式的反垄断调查，以评估谷歌是否违反欧盟竞争规则，在所谓的“广告技术”供应链中偏袒自己的在线展示广告技术服务，损害存在竞争关系的广告技术服务提供商、广告商和在线发布商的权利。正式调查将特别关注谷歌是否通过限制第三方在网站和应用程序上以投放广告为目的访问用户数据，同时保留此类数据供自己使用来扰乱竞争。

EPIC publishes report on unused FTC statutory authorities

EPIC发布关于联邦贸易委员会未

使用的法定权限的报告

The Electronic Privacy Information Center released a report on the statutory authorities the U.S. Federal Trade Commission has not used for privacy enforcement. The report highlights "unused and underused" powers at the FTC's disposal and explains why the agency should use these abilities "to protect the public from abusive data practices."

电子隐私信息中心发布了关于美国联邦贸易委员会未用于隐私执法的法定权限的报告。该报告强调了联邦贸易委员会所掌握的“未使用和未充分使用”的权限，并解释了为什么该机构应使用这些权限“保护公众免受滥用数据的行为的侵害”。

EDPB, EDPS issue opinion on proposed AI rules

EDPB、EDPS就拟议的AI规则发

表意见

The European Data Protection Board and European Data Protection Supervisor released a joint opinion on the European Commission's proposed artificial intelligence regulation. Notably, the opinion proposed a ban on AI-powered biometric recognition technologies and potentially discriminatory AI systems in public spaces. In a joint statement, EDPB Chair Andrea Jelinek and EDPS Wojciech Wiewiórowski said the ban is a "necessary starting point" for a "human-centric legal framework for AI," also noting the biometric deployments in combination with AI "means the end of anonymity in those places."

欧洲数据保护委员会（EDPB）和欧洲数据保护监督员（EDPS）就欧盟委员会提议的人工智能法规发布了一份联合意见。值得注意的是，该意见建议禁止人工智能驱动的生物识别技术和公共场所潜在的歧视性人工智能系统。在联合声明中，EDPB主席Andrea Jelinek和EDPS的Wojciech Wiewiórowski表示，该禁令是“以人为本的人工智能法律框架”的“必要起点”，还指出生物识别部署与人工智能相结合“意味着在这些地方匿名的结束”。

Ireland’s DPC: ‘No clear legal basis’ for employer processing of vaccination data

爱尔兰数据保护委员会：雇主处理‘疫苗接种数据’没有明确的

法律依据

Ireland’s data protection authority, the Data Protection Commission, published guidance on processing employees’ COVID-19 vaccination data, addressing the collection of employee vaccination status by employers. “The processing of vaccine data is likely to represent unnecessary and excessive data collection for which no clear legal basis exists,” it said.

爱尔兰的数据保护机构——数据保护委员会（DPC）发布了关于处理雇员COVID-19疫苗接种数据的指南，解决了雇主收集雇员疫苗接种情况的问题。该指南指出：“对疫苗接种数据的处理很可能是不必要的和过度的数据收集，没有明确的法律依据。”

Regulators launch campaign against 

spy cameras, hidden-camera videos

监管机构开展打击间谍相机和

隐藏摄像头视频的行动

The Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Public Security Bureau and the State Administration for Market Regulation announced a three-month campaign against spy cameras and hidden-camera videos, Yahoo News reports. The regulators say online platforms and camera developers that do not address privacy violations will be “severely punished” in accordance with laws and regulations.

据雅虎新闻报道，中国网信办、工业和信息化部、公安局和国家市场监管总局宣布开展为期三个月的打击间谍相机和隐藏摄像头视频的活动。监管机构表示，不解决侵犯隐私问题的网络平台和摄像头开发商根据法律和法规将受到“严厉惩罚”。

Biden: Steps needed to address privacy concerns brought by tech companies

拜登：需要采取措施解决科技

公司带来的隐私问题

A White House official said U.S. President Joe Biden believes steps are needed to protect privacy and address concerns brought forth by large technology companies, Reuters reports. The official added Biden has seen positive signals from the bipartisan work in Congress to tackle these issues. "The president believes we need to address the problems these platforms create to protect privacy, generate more innovation, and make sure the great tech companies of the future can emerge and grow right here in the U.S.," the official said.

路透社报道，一位白宫官员说，美国总统拜登认为需要采取措施保护隐私，并解决大型科技公司带来的隐患。这位官员补充说：“拜登从国会两党解决这些问题的工作中看到了积极信号。总统认为我们需要解决这些平台造成的问题，以保护隐私，产生更多的创新，并确保未来伟大的科技公司能够在美国出现和发展。”

Dutch DPA publishes DPO guidance

荷兰DPA发布DPO指南

The Netherland's data protection authority, Autoriteit Persoonsgegevens, issued guidance on the responsibilities of and suggested practices for a data protection officer. In addition to covering assigned duties, the guidelines outline the DPOs' access privileges and proper resourcing. The AP's list of DPO principles includes a focus on incident prevention, defining abilities to intervene on data protection matters and general independence of the role.

荷兰的数据保护机构Autoriteit Persoonsgegevens（AP）发布了关于数据保护官的责任和建议做法的指南。除了涵盖指定的职责外，该指南还概述了DPO的访问权限和适当的资源配置。AP的DPO原则清单包括关注事件预防、定义干预数据保护事务的能力的和角色的一般独立性。