France: CNIL suggests improvements for proposed law on global security and drone use

The French data protection authority (‘CNIL’) announced that it had given its opinion on the draft law on global security.
In particular, CNIL pointed out that, in its current state, the law does not provide for a system that would safeguard privacy and personal data adequately. More precisely, CNIL emphasized that the proposed legislation includes different provisions relating to the protection of personal data, in particular the amendment of the relevant legal basis to be used in the regulation of video and drone technology.

Spain: Decree amending NIS implementation law published in Official Gazette

In relation to the strategic and operational structure for the protection of networks and information systems, the decree seeks to establish the NIS Implementation Law in accordance with the security responsibilities of operators of critical services (‘OESs’) and digital service providers (‘DSPs’), in addition to handling security incidents.

France: CNIL publishes report on its role and privacy challenges during pandemic

On 21 January 2021, the French Data Protection Authority released its report on its activities during the coronavirus pandemic, in particular on the position of the regulator and on the challenges of personal data protection in times of crisis, in order to better educate professionals and individuals.

Press release:


Italy: Garante orders TikTok to stop processing user data when age is not ascertained

Further to the case of child drowning following a TikTok appeal, the Garante agreed to interfere and prohibit the processing of user data by TikTok if the age of the user has not been determined, taking into account the special security that should be given to children with regard to the protection of their personal data under the GDPR.

International: ASEAN publishes data management framework and model contractual clauses for cross-border data transfers

On 22 January 2021, the Personal Data Protection Commission of Singapore (‘PDPC’) reported that the Data Management Framework (‘DMF’) and Model Contractual Clauses for Cross Border Data Flows (‘MCCs’), two initiatives developed by the Working Group on Digital Data Governance chaired by Singapore, were approved by the ministers of the Association of Southeast Asian Nations (‘ASEAN’).

The PDPC emphasized, in particular, that the goal of the DMF and MCCs is to promote organizations and their use of data-related business processes, as well as to minimize negotiation and enforcement costs, while at the same time ensuring the security of personal data during cross-border data transfers.

Opinion: We need a new era of international data diplomacy

By Rohinton P. Medhora:
“In the wake of this surge in “techno-solutionism”, the world needs a new era of data diplomacy to catch up. Big data holds great promise in improving health outcomes. But it requires norms and standards to govern collection, storage and use, for which there is no global consensus.  The world broadly comprises four data zones — China, the US, the EU and the remainder. The state-centric China zone, where individuals have no control over their personal data, is often portrayed as the poster child of the long-threatened Orwellian society”.