In this week’s Privacy Tracker global legislative roundup, European regulators have issued fines totaling 114 million euros since the EU General Data Protection Regulation came into effect. The Italian DPA issued an 11.5 million euro fine against Eni Gas e Luce for violating the GDPR. Hong Kong authorities have proposed amendments strengthening the Personal Data (Privacy) Ordinance and are considering granting the Office of the Privacy Commissioner for Personal Data the authority to investigate and prosecute complaints related to "doxing." In the U.S., Washington state lawmakers held the first hearing regarding the reintroduced Washington State Privacy Act, Florida and Nebraska legislatures introduced data privacy bills to their respective committees, and Faegre Baker Daniels Associate and former IAPP Westin Research Fellow Mitchell Noordyke, CIPP/E, CIPP/US, CIPM, compares the Washington Privacy Act to the California Consumer Privacy Act.
THE LATEST
Faegre Baker Daniels Associate and former IAPP Westin Research Fellow Mitchell Noordyke, CIPP/E, CIPP/US, CIPM, compares and contrasts the Washington Privacy Act and the California Consumer Privacy Act for Privacy Tracker.
More
CNBC reports that since the EU General Data Protection Regulation went into effect in May 2018, there have been 160,000 data breach notifications, and regulators have issued fines totaling 114 million euros.
More
The Netherlands ranks first for data breach notifications in the EU with 40,647 notifications since the GDPR went into effect, The Irish Times reports. Ireland takes the second spot with more than 6,700 breaches reported to Ireland’s Data Protection Commission.
More
ICYMI
IAPP Staff Writer Jennifer Bryant wrote for The Privacy Advisor on the Washington State Legislature Senate Environment, Energy & Technology Committee’s first hearing on a reintroduced version of the Washington Privacy Act.
More
IAPP Editor Angelique Carson, CIPP/US, wrote for The Privacy Advisor on the U.S. House Committee on Oversight and Reform hearing on lawmakers' investigation into the potential risks posed by both government and commercial use of facial-recognition technology and signaled their commitment to legislation in the "near future."
More
ENFORCEMENT
Italian data protection authority, the Garante, announced an 11.5 million euro fine against gas and electric company Eni Gas e Luce for violations of the EU General Data Protection Regulation.
More
The U.S. Federal Bureau of Investigation shuttered WeLeakInfo.com for selling personal records from more than 10,000 data breaches over the last three years, Silicon Republic reports.
More
BankInfoSecurity reports the U.S. District Court Northern District of Georgia has signed off on Equifax's $1.38 billion class-action settlement over its 2017 data breach.
More
ASIA-PACIFIC
Proposed amendments to Hong Kong’s Personal Data (Privacy) Ordinance would require companies five days to report a data breach and allow the Office of the Privacy Commissioner for Personal Data to fine violators a portion of their global turnover, the South China Morning Post reports.
More
EUROPE
Reuters reports Court of Justice of the European Union Advocate General Manuel Campos Sánchez-Bordona said the court should uphold its 2016 ruling on data retention for national security cases. The court found "general and indiscriminate" retention of data does not comply with the ePrivacy Directive.
More
The European Parliament Committee on Civil Liberties, Justice and Home Affairs has announced the Croatian Presidency of the Council of the European Union is slated to give an ePrivacy presentation during the committee's Jan. 21 meeting.
More
BBC News reports the European Commission may ban facial recognition for three to five years as it figures out how to curb abusive uses of the technology. During that time, the commission plans to introduce new rules to enhance existing privacy laws and propose obligations on artificial intelligence users and developers.
More
European regulators are working toward a unified approach to regulating big tech companies' voice assistant programs following allegations of workers snooping on users, Bloomberg reports.
More
France's data protection authority, the CNIL, has launched a consultation for its draft recommendations on the use of cookies. (Original article is in French.)
More
TRACKING FEDERAL PRIVACY LEGISLATION—US
The Hunton Andrew Kurth's Centre for Information Policy Leadership has published a white paper discussing the how the United States-Mexico-Canada Agreement might impact potential U.S. privacy legislation.
More
US
The National Law Review reports the Florida Legislature has begun considering a proposal for comprehensive privacy legislation. The bill, introduced in both the state's Senate and House of Representatives, carries some provisions and requirements that are comparable to the California Consumer Privacy Act.
More
State Sen. Carol Blood, D-Neb., has introduced the Nebraska Consumer Data Privacy Act to the state Legislature. Data subject access requests, a right to deletion and a right to general transparency on how data is being used by an organization are included in the bill.
More
The U.S. District Court in San Jose, California, is considering whether to allow a class-action lawsuit regarding user privacy with Google voice assistants to continue, MediaPost reports.
More