In this week's global legislative roundup, the Irish Data Protection Commission fined Meta Platforms 17 million euros over a series of 12 data breaches from June to December 2018. The European Data Protection Board released guidance on "dark patterns" on social media platforms and the potential EU General Data Protection Regulation infringements. It also announced draft guidelines for supervisory authority cooperation and the one-stop-shop enforcement mechanism under Article 60 of the GDPR. The U.K.'s post-Brexit international data transfer goes into effect. IAPP Staff Writer Joe Duball reported on what went right and wrong from the Connecticut and Tennessee state privacy bills.
The latest
The European Data Protection Board released its guidance on so-called "dark patterns" on social media platforms and their potential EU General Data Protection Regulation infringements.
More
The Spanish data protection agency, the Agencia Española de Protección de Datos, published its "2021 Report." The report focused on two main areas — responding to the data protection challenges brought by COVID-19 and continuing to support entities that process data to protect privacy.
More
The U.K.'s post-Brexit international data transfer agreement goes into effect March 21, 2022.
More
ICYMI
Trends are developing in this year's cycle of comprehensive state privacy bills as far as provisions within these proposals and lawmakers' appetites for them. In this piece for Privacy Tracker, IAPP Staff Writer Joe Duball the details of what went right and wrong for Connecticut and Tennessee privacy bills in their respective hearings.
More
A U.S. Federal Trade Commission draft settlement agreement with customized merchandise website CafePress.com includes a few data privacy claims that could signal how the FTC will approach privacy actions in the coming months and years. IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, discussed the potential lessons to be learned from the CafePress enforcement action for The Privacy Advisor.
More
The first-ever public decision related to cookies for Poland’s data protection authority, the Urząd Ochrony Danych Osobowych, was a landmark ruling in the country, Kobylańska Lewoszewski Mednis lawyer Mikołaj Ostoja-Ciemny writes in this piece for The Privacy Advisor.
More
Enforcement
The Belgian Data Protection Authority published an opinion on a draft bill amending the 2017 law establishing the authority, saying the proposal threatens the DPA’s independence and functioning.
More
The Irish Data Protection Commission fined Meta Platforms 17 million euros over a series of 12 data breaches from June to December 2018.
More
The Irish DPC published a report with statistics on its handling of cross-border complaints under the GDPR's one-stop-shop mechanism.
More
The U.K. Information Commissioner's Office fined five companies a combined 405,000 GBP over violations stemming from more than 750,000 targeted marketing calls.
More
Protocol reports on the U.S. Federal Trade Commission’s use of algorithmic destruction in combating deceptive digital data practices.
More
Asia-Pacific
The Office of the Australian Information Commissioner approved an application to amend the Privacy (Credit Reporting) Code 2014.
More
Canada
CBC News reports British Columbia's Information Privacy Commissioner ruled federal political parties are subject to the province's Personal Information Protection Act.
More
Europe
Euractiv reports the Council of the EU drafted a compromise text on the proposed Digital Services Act that includes updated provisions on "dark patterns" and children's privacy protections.
More
Negotiations between EU institutions on the Digital Markets Act have entered their final stages, Euractiv reports.
More
U.S.
U.S. President Joe Biden signed the Strengthening American Cybersecurity Act into law, TechTarget reports.
More
The California Attorney General's Office released an opinion clarifying a consumer's right to know under the California Consumer Privacy Act covers business-generated inferences unless there's a proven statutory exemption.
More
The Colorado attorney general's office is seeking preliminary comments toward Colorado Privacy Act rulemaking.
More
The Iowa House passed House File 2506 on a 91-2 vote. The bill did not reach the Senate Judiciary Committee's agenda before the March 18, 2022 reporting deadline.
More
Privacy operations management
The European Data Protection Board announced draft guidelines for supervisory authority cooperation and the one-stop-shop enforcement mechanism under Article 60 of the EU General Data Protection Regulation.
More
France’s data protection authority, the Commission nationale de l'informatique et des libertés, released its 2022-24 strategic plan.
More
France’s DPA, the Commission nationale de l'informatique et des libertés, published a guide on appointing and supporting data protection officers.
More
