In this week’s Global News Roundup, the Court of Justice of the European Union denied Meta’s challenge of an Irish Data Protection Commission fine. The European Commission is anticipated to release its adequacy decision on EU-U.S. in short order. And, Japan and the U.K. reached an agreement on a new digital partnership.
The Latest
The provision in India’s proposed Digital Personal Data Protection Bill allowing transborder data flows to “certain notified countries” could “reinvigorate digital trade” between India, and the EU and U.S., Atlantic Council’s South Asia Center nonresident fellow Anand Raghuraman writes.
More
New compromise amendments to the EU Artificial Intelligence Act, excluding general-purpose AI from high-risk systems, have been released, Euractiv reports.
More
The European Data Protection Board released the agenda for its Dec. 13 and 14 plenary session.
More
France’s Commission nationale de l'informatique et des libertés’ rapporteur François Pellegrini recommended fining Apple 6 million euros for an alleged breach of privacy rules, Reuters reports.
More
Enforcement
Hong Kong's Office of the Privacy Commissioner for Personal Data published its 2021-22 Annual Report.
More
During his keynote address at the Public Interest Advocacy Centre annual dinner, Privacy Commissioner of Canada Philippe Dufresne said "it is a pivotal time for privacy … with challenges and opportunities in our legal, technological and societal landscapes."
More
The Court of Justice of the European Union denied a challenge by Meta's WhatsApp over its 225 million euro fine issued by Ireland's Data Protection Commission in September 2021.
More
The European Data Protection Board announced a trio of binding decisions against Meta under the EU General Data Protection Regulation's Article 65 dispute resolution mechanism.
More
The European Union's General Court ruled against a request by WhatsApp Ireland to annul a binding decision by the European Data Protection Board that led to a $267 million EU General Data Protection Regulation fine, TechCrunch reports.
More
French phone provider, FREE, was fined 300,000 euros by France's data protection authority, the Commission nationale de l'informatique et des libertés.
More
Politico reports Ireland's DPC opened a probe into the potential exposure of more than 5 million EU and U.S. Twitter accounts. The DPC awaits a response to a letter seeking more information on the reported breach.
More
The Wall Street Journal reports the leaked decisions on Meta's advertising practices rule against data collection for "contractual necessity" under the GDPR. A Meta spokesperson said the company "will continue to engage" with the Irish DPC until the finalized decisions are rendered.
More
In a blog post, U.K. Information Commissioner's Office Director of Investigations Stephen Eckersley said the authority began publishing reprimands retroactive to January 2022.
More
The California Privacy Protection Agency posted the agenda for its Dec. 16 board meeting.
More
Europe
The Court of Justice of the European Union ruled search engine operators must delete search results if an individual proves information about them is "manifestly inaccurate."
More
The new compromise text of the EU Data Act is being circulated, as the Czech Presidency of the Council of the European Union failed to “broker a common position” before a ministerial meeting Dec. 6, Euractiv reports.
More
Leaders in the U.K. and Japan have established the U.K.-Japan Digital Partnership, a framework to "jointly deliver concrete digital policy outcomes" for citizens, businesses and economies.
More
The European Commission is set to publish its draft adequacy decision for EU-U.S. data flows as early as Dec. 12, Politico Pro reports.
More
U.S.
If next year’s congressional leaders want to act on a federal privacy law, the American Data Privacy and Protection Act is a place to start, The Washington Post Editorial Board writes.
More
The U.S. Congressional Research Service issued a report on potential ways to update the Computer Matching and Privacy Protection Act, a law passed in 1988 to establish “procedures for agencies when they disclose and match data on individuals for certain purposes.”
More
State Assemblyman Herb Conaway Jr., D-NJ, introduced a bill to create a New Jersey Children’s Data Protection Commission.
More
Guidance
The Office of the European Data Protection Supervisor Director Leonardo Cervera-Navas reaffirmed his office's commitment to supporting data protection officers across the EU.
More
The Norwegian Consumer Council is asking "several" Norwegian and international companies to change practices after identifying their use of deceptive design to "push, manipulate and trick consumers into making choices that are in the companies' own interest."”
More
ICYMI
Recent input from Italy’s data protection authority, the Garante, on cookie paywalls opens a new chapter in the never-ending story of profiling cookies. Ughi e Nunziante partner Massimiliano Pappalardo, CIPP/E, said there is uncertainty around what criteria would make cookie paywalls fully compliant with the EU’s legal framework, and an official position from the European Data Protection Board could help.
More
