The president of the Administrative Court of Luxembourg partially granted Amazon’s request to suspend execution of a record 746 million euro EU General Data Protection Regulation fine proposed by Luxembourg’s National Commission for Data Protection. The U.S. Federal Trade Commission is considering drafting rules targeting harms resulting from commercial surveillance and other data practices. And a Joint Parliamentary Committee's final report on India's Personal Data Protection Bill has been tabled in Parliament's two chambers.
Roundup: EU, India, US and more
LATEST NEWS
The president of the Administrative Court of Luxembourg partially granted Amazon’s request to suspend execution of a 746 million euro EU General Data Protection Regulation fine proposed by Luxembourg’s National Commission for Data Protection.
More
U.S. Federal Trade Commission Chair Lina Khan said the agency is considering drafting new rules for U.S. businesses targeting “harms that can result from commercial surveillance and other data practices,” CNN Business reports.
More
ICYMI
IAPP Editorial Director Jedidiah Bracy chatted with journalist Luca Bertuzzi about the flurry of proposed data regulations in the European Union on an episode of The Privacy Advisor Podcast.
More
The Wiesbaden Administrative Court in Germany issued a first-of-its-kind decision prohibiting companies from using cookie management providers that relies on U.S.-based third parties to collect personal data, regardless of whether the data is ever transferred out of the EU. Alston & Bird's Dan Felz, CIPP/E, and Peter Swire break down how the court reached its decisions and potential implications moving forward.
More
ENFORCEMENT
Telecommunications company Telstra was fined $2.5 million by the Australian Communications and Media Authorities for failing to protect nearly 50,000 customers’ unlisted phone numbers, the Guardian reports.
More
Norway's data protection authority, Datatilsynet, announced its final decision to fine dating application Grindr NOK 65 million over EU General Data Protection Regulation violations.
More
A U.S. Federal Trade Commission settlement permanently banned a group of debt collectors from the industry and required them to surrender numerous bank and investment account details. A $12 million fine has been “partially suspended due to an inability to pay.”
More
The FTC also reached a $2 million settlement with OpenX over allegations the California-based advertising platform violated the Children’s Online Privacy Protection Act.
More
Background report provider MyLife and its CEO Jeffrey Tinsley will pay $21 million to settle U.S. Department of Justice and FTC allegations the company deceived consumers with “teaser background reports” and difficult-to-cancel subscription programs.
More
ASIA-PACIFIC
A Joint Parliamentary Committee's final report on India's Personal Data Protection Bill has been tabled in Parliament's two chambers. Lok Sabha outlined the report, which features 81 recommendations from the JPC and 150 corrections and improvements to various provisions.
More
The Indian Express reported on key recommendations made in the Joint Parliamentary Committee's report, including a 72-hour data breach notification window and a process for individual breach liability.
More
CANADA
Desjardins Group agreed to a $201 million settlement in a class-action lawsuit over a 2019 data breach affecting nearly 9.7 million Canadians, CBC News reports.
More
Prime Minister Justin Trudeau’s mandate letter to Minister of Innovation, Science and Industry François-Philippe Champagne includes a commitment to “strengthen privacy protections for consumers.”
More
EUROPE
European Parliament approved text for the Digital Markets Act and will proceed to negotiations on final passage with the Council of the European Union, which is planned to start under the French presidency of the Council during the first semester of 2022.
More
Parliament's Internal Market and Consumer Protection Committee voted 36-7 in favor of the Digital Services Act. The committee added a package of amendments, including provisions for more transparency around targeted advertising practices and a ban on so-called "dark patterns."
More
The deadline for implementing the "EU Directive on the protection of persons who report breaches of Union law" has passed, but only four EU member states have adopted implementing laws. Morrison Foerster Partner Alja Poler De Zwart and Associate Mercedes Samavi look at key questions organizations implementing the directive may face.
More
US
The California Privacy Protection Agency published the public comments from its stakeholder consultation on California Privacy Rights Act regulations.
More
GUIDANCE
The European Data Protection Board announced it adopted the final draft of new guidance on examples of data breach notifications.
More
France's data protection authority, the Commission nationale de l'informatique et des libertés, published an updated guide to the EU GDPR for web and application developers.
More
Ireland's Data Protection Commission published its Fundamentals for a Child-Oriented Approach to Data Processing. The guidance introduce principles and recommended best practices for children's data protection during processing activities.
More
The U.K. Information Commissioner's Office announced new guidance on data subject access requests. The ICO said its guidelines aim to better outline subjects' rights to request access to data and the obligations relevant authorities must tend to with such requests.
More