{"id":11530,"date":"2026-02-04T11:59:44","date_gmt":"2026-02-04T10:59:44","guid":{"rendered":"https:\/\/techgdpr.com\/?p=11530"},"modified":"2026-02-04T11:59:45","modified_gmt":"2026-02-04T10:59:45","slug":"data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/","title":{"rendered":"Data protection digest 19 Jan &#8211; 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees&#8217; surveillance fine"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\"><a href=\"https:\/\/www.gov.il\/en\/pages\/guide_enhancing_technologies\">Privacy Enhancing Technologies<\/a> (<strong>PETs<\/strong>) <\/h4>\n\n\n\n<p> The Israeli data protection authority published a technical <a href=\"https:\/\/www.gov.il\/en\/pages\/guide_enhancing_technologies\">guide to Privacy Enhancing Technologies<\/a>, available in English. 
PETs are a diverse family of methods, processes, and digital tools that are appropriate for different stages in the information life cycle:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data collection and preparation for use:<\/strong> Obfuscating personal data and reducing its level of detail by <a href=\"https:\/\/www.gov.il\/BlobFolder\/reports\/guide_enhancing_technologies\/en\/PETs-Mongash-en.pdf\">removing identifiers, altering data values, or masking exact figures<\/a>.<\/li>\n\n\n\n<li><strong>Data use and processing: <\/strong>Reducing exposure of personal data during processing, and in some cases, enabling data use without the need for viewing it during processing.<\/li>\n\n\n\n<li><strong>Control over data use:<\/strong> Defining rules and permissions for access to personal data and displaying data relating to the identity of the person accessing the data, the type of data, and the time of access.\u00a0<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Main developments&nbsp;<\/h4>\n\n\n\n<p><strong>Brazil adequacy decision: <\/strong>On 28 January, the European Commission recognised that Brazil ensures an adequate level of protection for personal data under the EU GDPR. The enforced decision confirms that <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:32026D0179&amp;qid=1769615737805\">Brazil provides comparable levels of data protection, allowing the free transfer of personal data<\/a> between the two jurisdictions without additional authorisations or safeguards. 
The Commission also recognises the independence of the Brazilian Data Protection Authority (ANPD), and the safeguards governing public authorities\u2019 access to personal data for law enforcement and national security purposes.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:25% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"715\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-1024x715.jpeg\" alt=\"PETs\" class=\"wp-image-11540 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-1024x715.jpeg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-300x210.jpeg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-768x536.jpeg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1.jpeg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>Data Privacy Framework:<\/strong> The EDPB has published a new version of the EU-US Data Privacy Framework FAQ for European individuals.\u00a0 \u201cEuropean individuals\u201d means any natural person, regardless of their nationality, whose personal data has been transferred to a US company under this framework. It applies to any type of personal data processed for commercial or health purposes, and human resources data collected in the context of employment, as long as the <a href=\"https:\/\/www.edpb.europa.eu\/system\/files\/2026-01\/edpb_dpf_faq-for-individuals_v2_en.pdf\">recipient company in the US is self-certified under the DPF<\/a>.\u00a0<\/p>\n<\/div><\/div>\n\n\n\n<p>If you believe that a company in the US has violated its obligations or your rights under the EU-U.S. 
Data Privacy Framework, several <a href=\"https:\/\/www.dataprivacyframework.gov\/program-articles\/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization%E2%80%99s-Compliance-with-the-DPF-Principles\">redress avenues are available<\/a>.\u00a0<\/p>\n\n\n\n<p><strong>Digital omnibus: <\/strong>The EDPB and EDPS also adopted a joint opinion on simplification of the implementation of harmonised rules on AI. Among other things, the EDPB and the EDPS recommend maintaining the standard of strict necessity currently applying for the processing of <strong>special categories of personal data for bias detection <\/strong>and correction in relation to high-risk AI systems. They also support the creation of EU-level AI regulatory <strong>sandboxes to promote innovation <\/strong>and help SMEs, as well as <strong><a href=\"https:\/\/techgdpr.com\/blog\/reconciling-the-regulatory-clock\/\">AI literacy<\/a> <\/strong>obligations for systems providers and deployers. The <a href=\"https:\/\/www.edpb.europa.eu\/system\/files\/2026-01\/edpb_edps_jointopinion_202601_proposal_ai-omnibus_en.pdf\">full opinion can be read here<\/a>.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>HIPAA Notice<\/strong><\/h4>\n\n\n\n<p>In the US, if your company provides health benefits or qualifies as a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), it is important to update your Notice of Privacy Practices (NPP) by 16 February to remain compliant. The notice must include new and <a href=\"https:\/\/natlawreview.com\/article\/update-your-hipaa-notice-privacy-practices-february-16-2026\">more restrictive requirements related to protected health information (PHI)<\/a> in particular, on the disclosure of patients\u2019 substance use disorder records. 
Next steps may include assessing related policies, training, materials, and business associate agreements (BAAs) for consistency.<\/p>\n\n\n\n<p>You can also read the latest epic.org report on the <a href=\"https:\/\/epic.org\/press-release-epic-releases-new-report-on-protecting-health-privacy-in-the-digital-age\/\">health data privacy crisis in the US here<\/a>.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">More from supervisory authorities<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:25% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1024x682.jpeg\" alt=\"\" class=\"wp-image-11534 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1024x682.jpeg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-300x200.jpeg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-768x512.jpeg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image.jpeg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>M&amp;A: <\/strong>Before a planned company sale, large amounts of data are often processed as part of a due diligence review. This can include personal data, particularly of employees, customers, and suppliers. <a href=\"https:\/\/www.datenschutzstelle.li\/datenschutz\/themen-z\/due-diligence-unternehmensverkauf\">The Liechtenstein Data Protection Authority has compiled information<\/a> (in German) regarding which data protection regulations must be observed. 
This information does not replace an individual assessment and is not exhaustive.\u00a0<\/p>\n<\/div><\/div>\n\n\n\n<p><strong>Camera surveillance in public transport:<\/strong> The Dutch data protection authority states that permanent camera surveillance at employees&#8217; designated workstations is not permitted. Cameras may <a href=\"https:\/\/www.autoriteitpersoonsgegevens.nl\/actueel\/cameratoezicht-in-ov-chauffeurs-mogen-niet-permanent-in-beeld\">only be used when strictly necessary<\/a>, for example, for safety during incidents, and not for systematic monitoring or evaluation of employees. For the data controller, this includes technical adjustments to cameras, adapting internal protocols, and providing clear instructions to employees.<\/p>\n\n\n\n<p><strong>AI tools safe usage: <\/strong>The Spanish AEPD has published the main principles of safe, responsible, and conscious use of AI. Among the recommendations, the privacy regulator advises against sharing personal data with AI &#8211; <strong>full name, address, telephone number, ID\/NIE, images of people, or sensitive or delicate information &#8211; medical, financial or contractual details, geolocation<\/strong>. 
In the workplace, the agency emphasises the importance of following the information and security policies of each organisation and, in particular, of <a href=\"https:\/\/www.aepd.es\/prensa-y-comunicacion\/notas-de-prensa\/aepd-publica-decalogo-recomendaciones-proteger-privacidad-al-usar-ia\">not including information that reveals confidential data of the entity, its staff or clients<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Digital identities ecosystem<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:24% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"838\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-3-1024x838.png\" alt=\"\" class=\"wp-image-11542 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-3-1024x838.png 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-3-300x246.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-3-768x629.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-3.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong> <\/strong><\/p>\n\n\n\n<p>Verifiable Digital Credentials (VDCs) can represent a wide range of data, from a <a href=\"https:\/\/www.nist.gov\/blogs\/cybersecurity-insights\/digital-identities-getting-know-verifiable-digital-credential-ecosystem\">driver\u2019s license to a diploma to proof of age<\/a>, explains America&#8217;s NIST. However, their interoperability requires a common set of standards and protocols for issuing, using, and verifying VDCs. 
As VDCs gain traction for both in-person and online identity verification, two key standards are helping to define this space: <\/p>\n<\/div><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.iso.org\/standard\/69084.html\">ISO\/IEC 18013-5<\/a>, which underpins mobile driver\u2019s licenses and related mobile documents, and <\/li>\n\n\n\n<li>the <a href=\"https:\/\/www.w3.org\/TR\/vc-data-model-2.0\">World Wide Web Consortium\u2019s Verifiable Credentials<\/a> formats.<\/li>\n<\/ul>\n\n\n\n<p>See their <a href=\"https:\/\/www.nist.gov\/blogs\/cybersecurity-insights\/digital-identities-getting-know-verifiable-digital-credential-0\">comparison in the original publication<\/a>.\u00a0<\/p>\n\n\n\n<p>In parallel, the German Federal Office for Information Security (BSI) has issued the updated Technical Guideline for <a href=\"https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/Technische-Richtlinien\/TR-nach-Thema-sortiert\/tr03166\/TR-03166_node.html\"><strong>Biometric Authentication Systems<\/strong><\/a> (in German), which can be used for significantly more use cases of facial and fingerprint recognition through smartphones or access control systems.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Cookie policy<\/strong><\/h4>\n\n\n\n<p>The Latvian data protection authority reminds us of the essentials of a cookie policy, which provides the user with clear information about how their data is processed when using cookies. 
A document published on any website must explain in a user-friendly way: <a href=\"https:\/\/www.dvi.gov.lv\/lv\/jaunums\/dviskaidro-kas-ir-sikdatnu-politika\">a) what cookies the website uses; b) for what purpose they are used; c) who their recipients are<\/a>.<\/p>\n\n\n\n<p>The multi-layered approach ensures that the most important information about the use of cookies on the website is provided in a concentrated manner (in the cookie pop-up notification or banner), including an indication of where more detailed information can be found (cookie policy). <strong>Cookie policies are often confused with privacy policies <\/strong>(by briefly including information about cookies among what is described in the privacy policy). However, to ensure transparency, information should be provided to users separately &#8211; in two documents or at least in clearly separated \u201cblocks\u201d of information.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Shopping cart reminder e-mail<\/strong><\/h4>\n\n\n\n<p>According to the Saxony data protection commissioner, retailers often send a reminder email pointing out an incomplete purchase process. Despite regular complaints received about such communication, there are no data protection concerns regarding a one-time shopping cart status update via email. The <a href=\"https:\/\/www.datenschutz.sachsen.de\/download\/Newsletter_01_2026.html\">automatically generated messages must be distinguished from unsolicited advertising and are considered technical support<\/a>.\u00a0<\/p>\n\n\n\n<p>Given the customer&#8217;s expectations and the recipient&#8217;s perspective, it is at least realistic to expect a technically triggered status update during the contract negotiation phase, in accordance with Art. 6 of the GDPR. At the same time, the data processing known as reminder emails is subject to information requirements and must be appropriately indicated in the notices pursuant to Art. 
13 of the GDPR.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">In other news<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:25% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"731\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-1024x731.png\" alt=\"PETs\" class=\"wp-image-11536 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-1024x731.png 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-300x214.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1-768x548.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>Excel file disclosure: <\/strong>The Romanian regulator ANSPDCP imposed fines totalling 15,000 euros against Continental Automotive Products SRL for breaches of the GDPR principles of data minimisation, accountability, and the security of processing. 
The investigation followed the controller submitting a personal data breach notification concerning the <a href=\"https:\/\/www.dataprotection.ro\/index.jsp?page=Comunicat_Presa_19_01_2026&amp;lang=ro\">repeated internal distribution of an Excel file containing a consolidated list of employees, including medical data<\/a> from medical certificates relating to numerous employees and former employees over a period of time.\u00a0<\/p>\n<\/div><\/div>\n\n\n\n<p><strong>GM driver data ban: <\/strong>America\u2019s Federal Trade Commission finalised an order against General Motors and its OnStar subsidiary after the automaker secretly collected and <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2026\/01\/ftc-finalizes-order-settling-allegations-gm-onstar-collected-sold-geolocation-data-without-consumers\">sold detailed driving data from millions of vehicles without consumer consent.<\/a>\u00a0 The final order approved by the Commission imposes a five-year ban on GM disclosing consumers\u2019 geolocation and driver behaviour data to consumer reporting agencies. 
And for the entire 20-year life of the order, GM will be required to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>obtain affirmative express consent from consumers before collecting, using, or sharing connected vehicle data, with some exceptions, such as for providing location data to emergency first responders;<\/li>\n\n\n\n<li>create a way for all US consumers to request a copy of their data and seek its deletion;<\/li>\n\n\n\n<li>give consumers the ability to disable the collection of precise geolocation data from their vehicles if their vehicle has the necessary technology; and<\/li>\n\n\n\n<li>provide a way for consumers to opt out of the collection of geolocation and driver behaviour data, with some limited exceptions.<\/li>\n<\/ul>\n\n\n<div id=\"newslettersignup\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Chromebook <\/strong>case<\/h4>\n\n\n\n<p>The Danish data protection authority decided in the Chromebook case regarding 51 municipalities&#8217; use of Google&#8217;s products for teaching in primary schools. The regulator issues serious criticism and warns the municipalities about their setup of the programs in question and about <a href=\"https:\/\/www.datatilsynet.dk\/presse-og-nyheder\/nyhedsarkiv\/2026\/feb\/datatilsynet-giver-51-kommuner-alvorlig-kritik-i-chromebook-sag\">the use of sub-processors outside the EU<\/a>. In addition, it states that as a data controller, municipalities cannot legally use products that contain unclear processing constructs. 
Finally, they must have access to the necessary resources to ensure lawful processing of personal data, including in situations where the contractual basis for the product changes.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Microsoft 365 Education<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:25% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1024x576.png\" alt=\"\" class=\"wp-image-11532 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-1024x576.png 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-300x169.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-768x432.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The Austrian data protection authority upheld a complaint filed by a pupil, represented by the European Centre for Digital Rights (NOYB), against Microsoft regarding the use of tracking cookies in Microsoft 365 Education. 
The decision relates to the installation and use of <a href=\"https:\/\/digitalpolicyalert.org\/event\/37310-austrian-data-protection-authority-issued-its-ruling-following-investigation-into-microsoft-concerning-use-of-tracking-cookies-in-microsoft-365-education\">non-essential cookies on the device of a minor using Microsoft 365 Education at an Austrian school<\/a>.\u00a0 The authority also found that no valid consent had been obtained, <a href=\"http:\/\/digitalpolicyalert.org\">digitalpolicyalert.org<\/a> reports.<\/p>\n<\/div><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">More enforcement decisions<\/h4>\n\n\n\n<p><strong>Employees&#8217; geolocation:<\/strong> The Italian regulator Garante fined a company in the agricultural seed selection and production sector <a href=\"https:\/\/www.garanteprivacy.it\/garante\/doc.jsp?ID=10213711\">120,000 euros for unlawfully processing the personal data of five employees<\/a>. As part of a multinational group, at the direction of its Swiss parent company, it installed a device on its company vehicles that unlawfully collected data on employees&#8217; <strong>business and private travel (time, mileage, fuel consumption, and driving style) for the purpose of assigning a monthly score<\/strong>. The collected data was retained for 13 months and used to evaluate employee driving behaviour and to implement any corrective measures.\u00a0<\/p>\n\n\n\n<p><strong>Access to a fired worker&#8217;s email: <\/strong>Garante also ruled that the content of <a href=\"https:\/\/www.garanteprivacy.it\/home\/docweb\/-\/docweb-display\/docweb\/10214064\">emails, contact information, and any attachments fall within the definition of correspondence and are therefore protected by the right to confidentiality<\/a>. In the related case, the regulator fined a company 40,000 euros for violating the confidentiality of a CEO&#8217;s email account after his employment ended. 
After receiving a disciplinary letter that resulted in dismissal,\u00a0 he asked the company to disable the email account, forward any messages received in the meantime to his personal email address, and activate an automatic reply. However, this request remained unanswered.\u00a0<\/p>\n\n\n\n<p><strong>France Travail: <\/strong>The French CNIL, meanwhile, fined France Travail 5 million euros for failing to ensure the security of the data of job seekers. In 2024, attackers managed to break into the agency&#8217;s information system. They used social engineering techniques to usurp the accounts of CAP EMPLOI advisors, responsible for people with disabilities.\u00a0The attackers accessed the <a href=\"https:\/\/www.cnil.fr\/fr\/violation-de-donnees-sanction-5millions-france-travail\">data of all registered people, or those who have been registered over the past 20 years<\/a>. However, the attackers did not gain access to the complete files of job seekers, which may include health data.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">And finally<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:25% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"633\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-2-1024x633.png\" alt=\"\" class=\"wp-image-11538 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-2-1024x633.png 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-2-300x185.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-2-768x475.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/image-2.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>Change your password:\u00a0 <\/strong>According to the German BSI, a blanket password change is no longer an effective security measure. 
<a href=\"https:\/\/www.bsi.bund.de\/DE\/Service-Navi\/Presse\/Pressemitteilungen\/Presse2026\/260130_Aendere-dein-Passwort-Tag.html\">Frequent password changes often lead consumers to use weak, easily predictable passwords<\/a>. Password managers help to keep track of passwords. However, even a complex password does not offer 100% protection. Instead, BSI recommends activating two-factor authentication (2FA).\u00a0<\/p>\n<\/div><\/div>\n\n\n\n<p><strong>Australia child accounts ban: <\/strong>According to the Guardian, Snapchat banned or disabled the accounts of around 415,000 Australian users who were detected as being under the age of 16. This was done to comply with the new under-16s social media prohibition. In December, Snapchat was one of ten platforms that needed to <a href=\"https:\/\/www.theguardian.com\/australia-news\/2026\/feb\/02\/snapchat-blocks-more-than-400000-australian-accounts-but-warns-of-significant-gaps-in-under-16s-social-media-ban\">restrict people (4,7 million accounts) under the age of 16 from using its services<\/a>. However, other allegations have surfaced after the prohibition went into place, with some claiming that Snapchat&#8217;s facial age verification was easily overcome by teens.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Privacy Enhancing Technologies (PETs) The Israeli data protection authority published a technical guide to Privacy Enhancing Technologies, available in English. PETs are a diverse family of methods, processes, and digital tools that are appropriate for different stages in the information life cycle: Stay up to date! Sign up to receive our fortnightly digest via email. 
[&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":11546,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[94,88],"tags":[51,100,98,95,58,79],"class_list":["post-11530","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-digest","category-gdpr","tag-artificial-intelligence","tag-cookies","tag-direct-marketing","tag-eu-us-data-transfer","tag-gdpr-compliance","tag-international-transfers"],"acf":[],"featured_image_urls":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg",1280,841,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-300x197.jpg",300,197,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-768x505.jpg",640,421,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-1024x673.jpg",640,421,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg",1280,841,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg",1280,841,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-200x200.jpg",200,200,true]},"post_excerpt_stackable":"<p>Privacy Enhancing Technologies (PETs) The Israeli data protection authority published a technical guide to Privacy Enhancing Technologies, available in English. 
PETs are a diverse family of methods, processes, and digital tools that are appropriate for different stages in the information life cycle: Data collection and preparation for use: Obfuscating personal data and reducing its level of detail by removing identifiers, altering data values, or masking exact figures. Data use and processing: Reducing exposure of personal data during processing, and in some cases, enabling data use without the need for viewing it during processing. Control over data use: Defining rules and&hellip;<\/p>\n","category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>, <a href=\"https:\/\/techgdpr.com\/blog\/category\/gdpr\/\" rel=\"category tag\">GDPR<\/a>","author_info":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num":"0 comments","featured_image_urls_v2":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg",1280,841,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-300x197.jpg",300,197,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-768x505.jpg",640,421,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-1024x673.jpg",640,421,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg",1280,841,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg",1280,841,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280-200x200.jpg",200,200,true]},"post_excerpt_stackable_v2":"<p>Privacy Enhancing Technologies (PETs) The Israeli 
data protection authority published a technical guide to Privacy Enhancing Technologies, available in English. PETs are a diverse family of methods, processes, and digital tools that are appropriate for different stages in the information life cycle: Data collection and preparation for use: Obfuscating personal data and reducing its level of detail by removing identifiers, altering data values, or masking exact figures. Data use and processing: Reducing exposure of personal data during processing, and in some cases, enabling data use without the need for viewing it during processing. Control over data use: Defining rules and&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>, <a href=\"https:\/\/techgdpr.com\/blog\/category\/gdpr\/\" rel=\"category tag\">GDPR<\/a>","author_info_v2":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num_v2":"0 comments","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data protection digest 19 Jan - 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees&#039; surveillance fine - TechGDPR<\/title>\n<meta name=\"description\" content=\"Meta Description: TechGDPR\u2019s review of the most important data-related stories: PETs guide, Digital identities &amp; employees&#039; surveillance fine\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data protection digest 19 Jan - 2 Feb 2026: New PETs guide, 
Digital identities ecosystem &amp; employees&#039; surveillance fine - TechGDPR\" \/>\n<meta property=\"og:description\" content=\"Meta Description: TechGDPR\u2019s review of the most important data-related stories: PETs guide, Digital identities &amp; employees&#039; surveillance fine\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/\" \/>\n<meta property=\"og:site_name\" content=\"TechGDPR\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-04T10:59:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-04T10:59:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"841\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Olya Vasylyk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:site\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Vasylyk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/\"},\"author\":{\"name\":\"Olya Vasylyk\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\"},\"headline\":\"Data protection digest 19 Jan &#8211; 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees&#8217; surveillance fine\",\"datePublished\":\"2026-02-04T10:59:44+00:00\",\"dateModified\":\"2026-02-04T10:59:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/\"},\"wordCount\":2027,\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/wal_172619-people-9642583_1280.jpg\",\"keywords\":[\"Artificial Intelligence\",\"cookies\",\"direct marketing\",\"EU-US data transfer\",\"GDPR Compliance\",\"International transfers\"],\"articleSection\":[\"Data Protection 
Digest\",\"GDPR\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/\",\"name\":\"Data protection digest 19 Jan - 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees' surveillance fine - TechGDPR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/wal_172619-people-9642583_1280.jpg\",\"datePublished\":\"2026-02-04T10:59:44+00:00\",\"dateModified\":\"2026-02-04T10:59:45+00:00\",\"description\":\"Meta Description: TechGDPR\u2019s review of the most important data-related stories: PETs guide, Digital identities & employees' surveillance 
fine\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/#primaryimage\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/wal_172619-people-9642583_1280.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/wal_172619-people-9642583_1280.jpg\",\"width\":1280,\"height\":841,\"caption\":\"PETs\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/techgdpr.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data protection digest 19 Jan &#8211; 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees&#8217; surveillance 
fine\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"name\":\"TechGDPR\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/techgdpr.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\",\"name\":\"TechGDPR\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"contentUrl\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"width\":501,\"height\":334,\"caption\":\"TechGDPR\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/techgdpr\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/techgdpr\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\",\"name\":\"Olya Vasylyk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"caption\":\"Olya Vasylyk\"},\"description\":\"Creator and editor of TechGDPR\u2019s weekly Digest. 
Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/author\\\/olyav\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data protection digest 19 Jan - 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees' surveillance fine - TechGDPR","description":"Meta Description: TechGDPR\u2019s review of the most important data-related stories: PETs guide, Digital identities & employees' surveillance fine","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/","og_locale":"en_US","og_type":"article","og_title":"Data protection digest 19 Jan - 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees' surveillance fine - TechGDPR","og_description":"Meta Description: TechGDPR\u2019s review of the most important data-related stories: PETs guide, Digital identities & employees' surveillance fine","og_url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/","og_site_name":"TechGDPR","article_published_time":"2026-02-04T10:59:44+00:00","article_modified_time":"2026-02-04T10:59:45+00:00","og_image":[{"width":1280,"height":841,"url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg","type":"image\/jpeg"}],"author":"Olya Vasylyk","twitter_card":"summary_large_image","twitter_creator":"@techgdpr","twitter_site":"@techgdpr","twitter_misc":{"Written by":"Olya Vasylyk","Est. 
reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/#article","isPartOf":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/"},"author":{"name":"Olya Vasylyk","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8"},"headline":"Data protection digest 19 Jan &#8211; 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees&#8217; surveillance fine","datePublished":"2026-02-04T10:59:44+00:00","dateModified":"2026-02-04T10:59:45+00:00","mainEntityOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/"},"wordCount":2027,"publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg","keywords":["Artificial Intelligence","cookies","direct marketing","EU-US data transfer","GDPR Compliance","International transfers"],"articleSection":["Data Protection Digest","GDPR"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/","url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/","name":"Data protection digest 19 Jan - 2 Feb 2026: New PETs guide, Digital identities ecosystem &amp; employees' surveillance fine - 
TechGDPR","isPartOf":{"@id":"https:\/\/techgdpr.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/#primaryimage"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg","datePublished":"2026-02-04T10:59:44+00:00","dateModified":"2026-02-04T10:59:45+00:00","description":"Meta Description: TechGDPR\u2019s review of the most important data-related stories: PETs guide, Digital identities & employees' surveillance fine","breadcrumb":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/#primaryimage","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2026\/02\/wal_172619-people-9642583_1280.jpg","width":1280,"height":841,"caption":"PETs"},{"@type":"BreadcrumbList","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-04022026-new-pets-guide-digital-identities-ecosystem-employees-surveillance-fine\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techgdpr.com\/"},{"@type":"ListItem","position":2,"name":"Data protection digest 19 Jan &#8211; 2 Feb 2026: New PETs guide, Digital 
identities ecosystem &amp; employees&#8217; surveillance fine"}]},{"@type":"WebSite","@id":"https:\/\/techgdpr.com\/#website","url":"https:\/\/techgdpr.com\/","name":"TechGDPR","description":"","publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techgdpr.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techgdpr.com\/#organization","name":"TechGDPR","url":"https:\/\/techgdpr.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/","url":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","contentUrl":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","width":501,"height":334,"caption":"TechGDPR"},"image":{"@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/techgdpr","https:\/\/www.linkedin.com\/company\/techgdpr"]},{"@type":"Person","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8","name":"Olya Vasylyk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","caption":"Olya Vasylyk"},"description":"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. 
Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"}]}},"_links":{"self":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/11530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/comments?post=11530"}],"version-history":[{"count":12,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/11530\/revisions"}],"predecessor-version":[{"id":11556,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/11530\/revisions\/11556"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media\/11546"}],"wp:attachment":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media?parent=11530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/categories?post=11530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/tags?post=11530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}