In this week’s global legislative roundup, Virginia Gov. Glenn Youngkin signed into law three Virginia Consumer Data Protection Act amendment bills. The California Attorney General’s Office will hold stakeholder input sessions for the California Privacy Rights Act rulemaking process beginning May 4. In the EU, the Dutch data protection authority issued its highest fine to date and the final text of the EU Digital Markets Act is expected to be presented to the Council of the European Union’s competition working party April 28.
The latest
The final text of the EU Digital Markets Act, expected to be presented to the Council of the European Union’s competition working party April 28, featured several last-minute changes, Euractiv reports.
More
In a Q&A with Davis & Gilbert, Californians for Consumer Privacy founder Alastair Mactaggart discussed the motives behind key provisions in the California Privacy Rights Act. Mactaggart addressed the CPRA’s moves to regulate the advertising technology industry, as well as the lack of a right to cure and inclusion of a limited private right of action.
More
Three Virginia Consumer Data Protection Act amendment bills signed into law by Virginia Gov. Glenn Youngkin will go into effect July 1. The governor’s signing finalizes the VCDPA’s text in advance of its Jan. 1, 2023 effective date.
More
ICYMI
Colorado Attorney General Philip Weiser laid out his enforcement priorities for the Colorado Privacy Act at the IAPP Global Privacy Summit 2022. Weiser said his office would distinguish between organizations that inadvertently violate the law and those that engage in "willful noncompliance," prioritizing enforcement actions against the latter.
More
Enforcement
The U.S. Consumer Financial Protection Bureau filed a lawsuit against TransUnion, two of its subsidiaries and a former executive alleging the credit reporting agency continued to use deceptive marketing practices to lure consumers into paying for subscription plans after they were ordered to stop the practice.
More
The European Data Protection Supervisor issued a rebuke to the European Border and Coast Guard Agency for violating the Data Protection Regulation (EU) 2018/1725 when it failed to complete a data protection assessment before moving to the cloud.
More
The California Attorney General’s Office will hold stakeholder input sessions for the CPRA rulemaking process beginning May 4.
More
The Dutch data protection authority, Autoriteit Persoonsgegevens, fined tax authorities 3.7 million euros for violating the EU General Data Protection Regulation. It is the highest fine the DPA has ever imposed.
More
France's data protection authority, the Commission nationale de l'informatique et des libertés, amended the Data Protection Act to better handle complaints and order sanctions.
More
The CNIL also issued formal notice to three companies for transmitting potential customers’ personal data between partners without consent in violation of the GDPR.
More
APAC
The Australian Privacy Foundation released a statement requesting a number of privacy improvements related to regulation and company practices, iTWire reports.
More
Indian Parliament's passage of the Criminal Procedure Identification Bill and its provisions for increased biometric data collection by law enforcement is stirring privacy concerns, BBC News reports.
More
Europe
European Parliament co-rapporteurs finalized the Artificial Intelligence draft report, agreeing on certain points such as a broad definition on AI and governance, Euractiv reports.
More
The Council of the European Union offered a new compromise text on the regulation of targeted advertising in the proposed Digital Services Act that may satisfy concerns of other EU institutions, including a limited ban on targeted ads to known minors, Euractiv reports.
More
Germany’s Federal Commissioner for Data Protection and Freedom of Information Ulrich Kelber recently delivered the annual report to the Bundestag, which stated the country had delayed implementation of the EU Data Protection Directive, Euractiv reports.
More
U.S.
Fashion brand Louis Vuitton is facing a class-action lawsuit filed in U.S. District Court for the Southern District of New York by a customer who alleged its “Virtual Try-On” feature violates the Illinois Biometric Information Privacy Act, the Fashion Law reports.
More
