On 15 September 2022, the European Commission published its proposal for a new Regulation which sets out cybersecurity related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA). The CRA introduces common cybersecurity rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software. … Continue reading
On 12 May 2022 EDPB adopted Guidelines on the calculation of administrative fines (the Guidelines). The Guidelines supplement the Article 29 Working Party’s Guidelines on the application and setting of administrative fines (WP253) adopted in October 2017 and recommends that the two are read together. Whereas the previous guidance set out general principles for when … Continue reading
The EDPB has published draft guidance on “dark patterns” in social media (the Guidelines) for consultation. The Guidelines consider in detail common social media interfaces that present the content of privacy policies and collect consent in ways which substantively violate the GDPR requirements, while still pretending to formally comply with them (these methods now termed … Continue reading