In this week’s Privacy Tracker global legislative roundup, Ireland’s Data Protection Commission issued a 225 million euro fine against messaging platform WhatsApp for violations of EU General Data Protection Regulation transparency principles. Zimbabwe’s parliament passed a cybersecurity bill giving the Postal and Telecommunications Regulatory Authority of Zimbabwe authority to regulate and control data. In the U.S., the Federal Trade Commission banned application company SpyFone from operating in the surveillance business over allegations it collected users’ location data and online activities through a “hidden device hack” and sold the information.

LATEST NEWS

Bermuda’s Privacy Commissioner released guidance on the qualifications and duties of privacy officers under the Personal Information Privacy Act.
More

Sri Lanka’s Information and Communication Technology Agency published an overview of a personal data protection bill, a draft of which was first published in June 2019, saying it “has now been given priority by the Ministry of Technology.”
More

Turkey's data protection authority, Kişisel Verileri Koruma Kurumu, fined WhatsApp 200,000 euros for failure to adequately protect user data following a change to its terms of service, The Jakarta Post reports.
More 

The U.K. Information Commissioner's Office fined Glasgow-based DialADeal Scotland Ltd. 150,000 pounds for making more than half a million marketing calls to phone numbers of individuals who did not give permission to receive them.
More 

Zimbabwe’s parliament passed a cybersecurity bill that gives the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) authority to regulate and control data, Zimbabwe Daily reports.
More

ICYMI

UIBE Digital Economy and Legal Innovation Research Center Executive Director Xu Ke and Covington & Burling's Vicky Liu, Yan Luo and Zhijing Yu look at how enforcement powers of China’s Cybersecurity Law, Data Security Law, and the Personal Information Protection Law will be divided among different government agencies.
More

IAPP Staff Writer Joe Duball reports on the 225 million euro fine issued by Ireland’s Data Protection Commission against messaging platform WhatsApp for violations of EU General Data Protection Regulation transparency principles.
More

Squire Patton Boggs Counsel Kyle Fath outlined new standards within the amended New York City Administrative Code to address customer data collected by delivery applications from online orders and highlighted key provisions businesses should keep in mind.
More

IAPP Legal Research Fellow Cathy Cosgrove discusses standing issues in U.S. privacy class actions, including the challenge cases present to courts over the facts and nature of alleged harm.
More

ENFORCEMENT

In Canada, Nova Scotia’s Information and Privacy Commissioner recommended Nova Scotia Health conduct a privacy assessment and implement new guidelines after finding its Driving While Impaired Program violated participants’ privacy, CBC News reports.
More

Russia’s data protection authority, Roskomnadzor, fined Facebook, Twitter and WhatsApp a combined 36 million rubles for alleged data localization violations.
More

An analysis conducted by law firm RPC found the U.K. Information Commissioner's Office issued 42 million GBP in fines in the financial year 2020-2021, Infosecurity Magazine reports.
More

The U.S. Federal Trade Commission banned application company SpyFone from operating in the surveillance business over allegations the app collected users’ location data and their online activities through a “hidden device hack” and sold the information.
More

ASIA-PACIFIC

China plans to propose rules prohibiting organizations with large amounts of sensitive user information from going public in the U.S. and other countries, The Wall Street Journal reports.
More

EUROPE

France's data protection authority, the Commission nationale de l’informatique et des libertés, created a map outlining the level of data protection in each country around the world.
More

Netherlands-based advocacy groups are leading a new lawsuit against video platform TikTok’s parent company ByteDance over alleged children’s privacy allegations.
More

LATIN AMERICA

Brazil's Chamber of Deputies supported a proposed amendment to the constitution to make data protection a fundamental right for all citizens. The amendment gives Brazil's federal government sole power to legislate on and supervise data protection matters.
More

US

Law Street Media reports Cook County Circuit Court in Illinois denied a motion to dismiss a suit over alleged Illinois Biometric Information Privacy Act violations by Clearview AI.
More

Legislation enacted in Illinois, the Protecting Household Privacy Act, regulates the access and use of a private household’s electronic data by law enforcement.
More