The president of the Administrative Court of Luxembourg partially granted Amazon’s request to suspend execution of a record 746 million euro EU General Data Protection Regulation fine proposed by Luxembourg’s National Commission for Data Protection. The U.S. Federal Trade Commission is considering drafting rules targeting harms resulting from commercial surveillance and other data practices. And a Joint Parliamentary Committee's final report on India's Personal Data Protection Bill has been tabled in Parliament's two chambers.

Roundup: EU, India, US and more

LATEST NEWS

The president of the Administrative Court of Luxembourg partially granted Amazon’s request to suspend execution of a 746 million euro EU General Data Protection Regulation fine proposed by Luxembourg’s National Commission for Data Protection.
More

U.S. Federal Trade Commission Chair Lina Khan said the agency is considering drafting new rules for U.S. businesses targeting “harms that can result from commercial surveillance and other data practices,” CNN Business reports.
More

ICYMI

IAPP Editorial Director Jedidiah Bracy chatted with journalist Luca Bertuzzi about the flurry of proposed data regulations in the European Union on an episode of The Privacy Advisor Podcast.
More

The Wiesbaden Administrative Court in Germany issued a first-of-its-kind decision prohibiting companies from using cookie management providers that relies on U.S.-based third parties to collect personal data, regardless of whether the data is ever transferred out of the EU. Alston & Bird's Dan Felz, CIPP/E, and Peter Swire break down how the court reached its decisions and potential implications moving forward.
More

ENFORCEMENT

Telecommunications company Telstra was fined $2.5 million by the Australian Communications and Media Authorities for failing to protect nearly 50,000 customers’ unlisted phone numbers, the Guardian reports.
More

Norway's data protection authority, Datatilsynet, announced its final decision to fine dating application Grindr NOK 65 million over EU General Data Protection Regulation violations.
More

A U.S. Federal Trade Commission settlement permanently banned a group of debt collectors from the industry and required them to surrender numerous bank and investment account details. A $12 million fine has been “partially suspended due to an inability to pay.”
More

The FTC also reached a $2 million settlement with OpenX over allegations the California-based advertising platform violated the Children’s Online Privacy Protection Act.
More

Background report provider MyLife and its CEO Jeffrey Tinsley will pay $21 million to settle U.S. Department of Justice and FTC allegations the company deceived consumers with “teaser background reports” and difficult-to-cancel subscription programs.
More

ASIA-PACIFIC

A Joint Parliamentary Committee's final report on India's Personal Data Protection Bill has been tabled in Parliament's two chambers. Lok Sabha outlined the report, which features 81 recommendations from the JPC and 150 corrections and improvements to various provisions.
More

The Indian Express reported on key recommendations made in the Joint Parliamentary Committee's report, including a 72-hour data breach notification window and a process for individual breach liability.
More

CANADA

Desjardins Group agreed to a $201 million settlement in a class-action lawsuit over a 2019 data breach affecting nearly 9.7 million Canadians, CBC News reports.
More

Prime Minister Justin Trudeau’s mandate letter to Minister of Innovation, Science and Industry François-Philippe Champagne includes a commitment to “strengthen privacy protections for consumers.”
More

EUROPE

European Parliament approved text for the Digital Markets Act and will proceed to negotiations on final passage with the Council of the European Union, which is planned to start under the French presidency of the Council during the first semester of 2022.
More

Parliament's Internal Market and Consumer Protection Committee voted 36-7 in favor of the Digital Services Act. The committee added a package of amendments, including provisions for more transparency around targeted advertising practices and a ban on so-called "dark patterns."
More

The deadline for implementing the "EU Directive on the protection of persons who report breaches of Union law" has passed, but only four EU member states have adopted implementing laws. Morrison Foerster Partner Alja Poler De Zwart and Associate Mercedes Samavi look at key questions organizations implementing the directive may face. 
More

US

The California Privacy Protection Agency published the public comments from its stakeholder consultation on California Privacy Rights Act regulations.
More

GUIDANCE

The European Data Protection Board announced it adopted the final draft of new guidance on examples of data breach notifications.
More

France's data protection authority, the Commission nationale de l'informatique et des libertés, published an updated guide to the EU GDPR for web and application developers.
More

Ireland's Data Protection Commission published its Fundamentals for a Child-Oriented Approach to Data Processing. The guidance introduce principles and recommended best practices for children's data protection during processing activities.
More

The U.K. Information Commissioner's Office announced new guidance on data subject access requests. The ICO said its guidelines aim to better outline subjects' rights to request access to data and the obligations relevant authorities must tend to with such requests.
More