In this week’s Global News Roundup, the Court of Justice of the European Union issued a pair of decisions. One compels data controllers to identify parties they sell personal data to under the EU General Data Protection Regulation and the other affirmed EU GDPR decisions can be enforced concurrently with separate legal cases in member states. France’s data protection authority, the Commission nationale de l'informatique et des libertés, issued a 5 million euro fine to TikTok. China began enforcement of its deep synthesis regulation. And a number of U.S. states introduced privacy laws in their respective legislatures.
The Latest
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued a 3 million euro fine to mobile app developer VOODOO over alleged nonconsensual user tracking.
More
Enforcement
The CJEU issued a decision forcing data controllers to identify entities they sold personal data to when requested under the EU GDPR.
More
The CJEU ruled EU GDPR enforcement decisions can be exercised “concurrently and independently” with member states’ administrative and civil courts.
More
Finland's data protection authority, the Office of the Data Protection Ombudsman, issued a 122,000 euro fine to an unidentified company regarding alleged nonconsensual processing of health data.
More
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued a 5 million euro fine to TikTok over alleged cookie consent violations.
More
Norway's data protection authority, Datatilsynet, ordered parcel and logistics company PostNord to improve security to prevent unauthorized access to personal data in its systems.
More
The U.S. Federal Trade Commission finalized enforcement action against online alcohol marketplace Drizly and CEO James Cory Rellas related to its 2020 data breach.
More
Asia-Pacific
The Wall Street Journal reports the Cyberspace Administration of China began enforcing its regulation over "deep synthesis" technologies Jan. 10.
More
Europe
Members of European Parliament and Artificial Intelligence Act co-rapporteurs circulated the latest compromise amendments to Parliament's proposal, Euractiv reports.
More
The Swedish Presidency of the Council of the European Union circulated potential compromises for outstanding issues with the proposed Data Act, Euractiv reports.
More
The U.K. and U.S. governments jointly announced the results of the inaugural U.S.-U.K. Comprehensive Dialogue on Technology and Data.
More
U.S.
In an op-ed for The Wall Street Journal, U.S. President Joe Biden reiterated calls for U.S. Congress to pass comprehensive federal privacy legislation.
More
State Sen. Liz Brown, R-Ind., reintroduced Senate Bill 5 to the Indiana Senate.
More
Maryland House Bill 33 concerning biometric privacy was reintroduced.
More
State Sen. Angela Turner-Ford, D-Miss., reintroduced Senate Bill 2080, the Mississippi Consumer Data Privacy Act.
More
Gov. Roy Cooper, D-N.C., signed an executive order banning TikTok and other applications on state government-issued devices Jan. 12.
More
Oregon's comprehensive privacy bill, Senate Bill 619, was introduced and awaits committee referral from the Senate president.
More
Oregon Senate Bill 196, the Oregon Age-Appropriate Design Code, was also introduced.
More
The Virginia House and Senate each introduced companion amendments to the state's Consumer Data Protection Act: House Bill 1688 and Senate Bill 1026.
More
Guidance
IT World Canada reports the International Organization for Standardization will adopt ISO 31700 on privacy by design Feb. 8.
More
ICYMI
Canada is poised to potentially pass several major private sector privacy law reforms on both the federal and provincial levels, Dentons Canada Privacy and Cybersecurity National Practice Leader Chantal Bernier writes.
More
The Court of Justice of the European Union recently presented a preliminary decision on two joined cases from Luxembourg that carefully weighed privacy rights, the EU's anti-money laundering directive and many other factors. Jerry Barbanel, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, FIP, offers his analysis of the CJEU's thinking on the case and the privacy impacts that may arise.
More
As more details unfold within the Irish Data Protection Commission and European Data Protection Board’s published Meta decisions, the privacy community is grappling with complex and fundamental questions surrounding legal bases for data processing, transparency within privacy notices, uncertainty around EU General Data Protection Regulation compliance, and more, writes IAPP Staff Writer Jennifer Bryant.
More
