In this week's Global News Roundup, the U.K. Information Commissioner's Office fined TikTok for breaches of the U.K. General Data Protection Regulation. The European Data Protection Board issued updated guidelines on personal data breach notification under the EU GDPR. And the first review of the EU-Japan adequacy agreement was finalized.

The Latest

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published a Q&A document outlining proper procedures for data protection impact assessments.

The Arkansas House of Representatives voted on final approval of Senate Bill 396, the Social Media Safety Act.

The California Chamber of Commerce filed a petition to the Superior Court of California, County of Sacramento, for a delay on enforcement of California Privacy Rights Act regulations.

Enforcement

The U.K. Information Commissioner's Office issued a formal reprimand to the NHS Highland health board for a "serious" data breach involving individuals likely to be accessing HIV services. 

The U.K. Information Commissioner's Office fined TikTok 12.7 million GBP for breaches of the U.K. General Data Protection Regulation.

Asia-Pacific

India's Minister of Communications and Information Technology Ashwini Vaishnaw said the Digital Personal Data Protection Bill will be tabled in Parliament during the Monsoon session.

Europe

European Commissioner for Justice Didier Reynders and Personal Information Protection Commission of Japan Chairperson Mieko Tanno announced the first review of the EU-Japan mutual adequacy agreement has successfully concluded.

US

Arkansas' Senate Bill 66, creating protections for minors online including age-verification requirements, passed the House and Senate and was sent to the governor for signature. 

Pennsylvania's House Bill 708, establishing consumer data protection measures including creating a Consumer Privacy Fund, was referred to the Committee on Commerce.

In a 27-21 vote, the Washington Senate passed HB1155 — proposed legislation on the collection, sharing and selling of consumer health data. 

Guidance

Deputy Privacy Commissioner of New Zealand Liz MacPherson called data retention "the sleeping giant of data security" in a blog post by the Office of the Privacy Commissioner, stating it is a key issue in several recent cyberattacks.

The European Data Protection Board published updated guidelines on personal data breach notification under the EU General Data Protection Regulation.

ICYMI

The finalization of the first California Privacy Rights Act regulations was another step forward in the state's efforts to be a leader on privacy protection and enforcement. Members of California's privacy enforcement bodies — the California Privacy Protection Agency and the Office of the Attorney General of California — took the stage at the IAPP Global Privacy Summit 2023 and IAPP Staff Writer Joe Duball rounds up highlights from the breakout sessions.

Organizations are considering biometric technologies and subsequent personal data collection more than ever before. In Illinois, those that follow through with adoption without privacy in mind may face the Biometric Information Privacy Act and its private right of action. IAPP Staff Writer Joe Duball looks at the risks companies run in Illinois and the potential for other state legislatures to follow its lead on biometric regulation.