In this week’s global legislative roundup, the Australian Information Commissioner and Communications and Media Authority investigate telecom company Optus for its recent data breach. Italy’s data protection authority launched an investigation into a voice-replication application. And the Court of Justice of the European Union issued a nonbinding opinion that could reduce compensation to EU citizens in data breach cases.
The Latest
The Chamber of Deputies of Brazil approved a provisional measure to give Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, special agency status and administrative autonomy.
More
Zoetop, owner of online fashion retailers SHEIN and ROMWE, will pay $1.9 million in penalties to the state of New York following a 2018 data breach that impacted more than 800,000 New Yorkers, state Attorney General Letitia James announced.
More
Enforcement
The Office of the Australian Information Commissioner and Australian Communications and Media Authority are investigating a data breach that affected 10 million Optus cellular customers, Reuters reports.
More
The European Data Protection Board urged the European Commission to harmonize procedural aspects to promote “strong and swift enforcement” of the EU General Data Protection Regulation.
More
European Data Protection Supervisor Wojciech Wiewiórowski said a Council of Europe convention on artificial intelligence is an opportunity to strengthen privacy and data protection rights and will complement the European Commission’s proposed Artificial Intelligence Act.
More
France’s data protection authority, the Commission nationale de l'informatique et des libertés, adopted an action plan to help political candidates and parties comply with data protection legislation.
More
Italy’s data protection authority, the Garante, is investigating an application that reproduces false, realistic voices of well-known individuals.
More
The U.K. Information Commissioner’s Office formally reprimanded the Secretary of State for the Home Department after sensitive reports containing personal data were found at a public venue in London in September 2021.
More
California Attorney General Rob Bonta appointed Californians for Consumer Privacy founder Alastair Mactaggart to the California Privacy Protection Agency Board.
More
Canada
Under Ontario’s Working for Workers Act, employers with 25 or more employees must implement an electronic monitoring policy and disclose it to staff, CBC News reports.
More
Europe
Members of EU Parliament held their first round of debates on the proposed EU Artificial Intelligence Act, Euractiv reports.
More
US
U.S. President Joe Biden released the 2022 National Security Strategy, outlining interest in promoting “the free flow of data and ideas with trust” while protecting security and privacy.
More
The U.S. Securities and Exchange Commission adopted amendments to electronic recordkeeping requirements for broker-dealers.
More
ICYMI
The Digital Markets Act was published in the Official Journal of the European Union Oct. 13. In the second of a multipart series, the IAPP Research and Insights team provides privacy professionals with an overview of the DMA, including the law's objectives, material and territorial scope, main requirements, enforcement, and oversight structure.
More
It has been one week since U.S. President Joe Biden issued an executive order to shore up data transfer flows between the EU and U.S. IAPP Chief Knowledge Officer Caitlin Fennessy, CIPP/US, moderated a discussion at the IAPP Privacy. Security. Risk. 2022. IAPP Staff Writer Alex LaCasse has the details.
More
During an appearance at IAPP Privacy. Security. Risk. 2022, U.S. Federal Trade Commissioner Rebecca Kelly Slaughter discussed the Advance Notice of Proposed Rulemaking for commercial surveillance and lax data security. IAPP Staff Writer Joe Duball provides the details about the extension and other rulemaking insights Slaughter offered.
More
