In this week’s Global News Roundup, the Office of the Privacy Commissioner of Canada and several provincial data protection authorities launched an investigation into TikTok. The European Commission will push for legislation to align EU General Data Protection Regulation enforcement among member states’ data protection authorities. The Australian Attorney-General said the government will commit to reforming the Mandatory Data Retention Regime. And a pair of privacy bills were introduced in the U.S. House of Representatives.
The Latest
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, released regulations for application of administrative fines under the General Data Protection Law.
The U.K. government won't act on the proposed Data Protection and Digital Information Bill during the current parliamentary session.
Kentucky's proposed Senate Bill 15 was moved to a second reading in the Senate Rules Committee.
Montana's Business, Labor, and Economic Affairs Committee unanimously passed Senate Bill 384, "An act establishing the Consumer Data Privacy Act."
Enforcement
The Office of the Privacy Commissioner of Canada and provincial privacy authorities announced an investigation into TikTok's data practices.
The European Commission announced its intention to propose legislation to better align EU General Data Protection Regulation enforcement approaches among national data protection authorities.
The European Data Protection Board published a report outlining "a selection of examples of final One-Stop-Shop decisions" taken under Articles 17 and 21 of the GDPR.
The European Data Protection Board released its 2023-2024 Work Programme, which takes from the priorities laid out in its 2021–2022 strategy.
The Netherlands' data protection authority, the Autoriteit Persoonsgegevens, said it will not fine Tesla over potential violations related to their cars' built-in security cameras.
The Netherlands' Autoriteit Persoonsgegevens ordered the Ministry of Justice and Security to immediately stop large-scale processing of airline passenger travel data saying the "necessity and proportionality" of the processing "cannot be justified."
The First-Tier Tribunal overturned portions of a 2020 enforcement notice by the U.K. Information Commissioner's Office against Experian, confirming the company's reliance on legitimate interests as a legal basis for processing credit reference agency information for direct marketing purposes.
The California Privacy Protection Agency announced its board will next meet March 3.
Asia-Pacific
Australian Attorney-General Mark Dreyfus said the government was committed to reforming the Mandatory Data Retention Regime.
India's Ministry of Electronics and Information Technology defined a child as someone under 18 years old in the proposed Digital Personal Data Protection Bill.
US
Privacy advocates are urging U.S. state-level privacy proposals that closely align with the American Data Privacy and Protection Act, which died in Congress last year.
The U.S. House of Representatives is scheduled to deliberate two privacy-related bills Feb. 27; H.R. 538, the Informing Consumers about Smart Devices Act, and H.R. 1123, the Understanding Cybersecurity of Mobile Networks Act.
Bipartisan leaders of the U.S. House Committee on Energy and Commerce announced the Subcommittee on Innovation, Data, and Commerce will hold a March 1 hearing titled "Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy."
The U.S. Securities and Exchange Commission proposed a rule altering the commission’s regulations under the U.S. Privacy Act, which governs “the handling of personal information in the federal government.”
Gov. Gavin Newsom, D-Calif., issued a statement supporting the California Age-Appropriate Design Code Act.
Guidance
Denmark's data protection authority, Datatilsynet, published guidance on cookie wall deployment in the wake of two relevant decisions.
The European Data Protection Board adopted three sets of guidelines following public consultation.
Spain’s data protection authority, the Agencia Española de Protección de Datos, published guidance for anonymizing data.
The U.K. Information Commissioner’s Office is urging accountants to recognize their “crucial role” in helping small to medium-sized clients implement data protection practices.
ICYMI
The Cyberspace Administration of China published standard contractual clauses for transfers of personal data and their implementing regulation Feb. 24. Reed Smith Partner Barbara Li, CIPP/E, outlines the scope and requirements while providing key takeaways for privacy professionals.
The European Data Protection Board issued three enforcement actions against Meta in January, each of which arose as binding decisions from the one-stop-shop dispute resolution mechanism. Following the decisions, IAPP Research and Insights Director Joe Jones offered an in-depth legal analysis of the practical takeaways concerning legal bases and transparency.
