In this week’s global legislative roundup, WhatsApp could face a 50 million euro fine for allegedly failing to adhere to EU General Data Protection Regulation transparency requirements. In the U.S., the Biden administration appointed Christopher Hoff, CIPP/E, CIPP/US, CIPM, as deputy secretary for services at the Department of Commerce to oversee negotiations for a replacement Privacy Shield, and Rebecca Kelly Slaughter has been named acting chair of the Federal Trade Commission.

LATEST NEWS

WhatsApp could face fines up to 50 million euros for alleged violations of the EU General Data Protection Regulation after Ireland’s Data Protection Commission found the messaging application failed to adhere to the transparency requirements under the GDPR, Politico reports.
More

Italy’s data protection authority, the Garante, ordered TikTok to block the accounts of users within the country whose age cannot be verified, Reuters reports.
More

The High Court of Justice considered the first U.K. case involving the application of the territorial scope of the GDPR, according to Hunton Andrews Kurth’s Privacy & Information Security Law Blog.
More

ICYMI

The Biden administration appointed Christopher Hoff, CIPP/E, CIPP/US, CIPM, as deputy secretary for services at the U.S. Department of Commerce, overseeing negotiations for a replacement Privacy Shield. For The Privacy Advisor, IAPP Research Director Caitlin Fennessy, CIPP, explored why this is an early sign of the administration’s intention to focus on privacy policy in the international realm.
More

BDO Partner and Governance, Risk & Compliance Practice Leader Karen Schuler, CIPP/E, CIPP/US, CIPM, FIP, wrote for Privacy Perspectives a federal privacy law would be beneficial for the U.S. and advises companies to take proactive steps to update their data practices.
More

In this fourth installment of a 10-part series for The Privacy Advisor examining the top operational impacts of the California Privacy Rights Act, IAPP Westin Fellow Nicole Sakin looked at expanded rights and obligations included in the CPRA.
More

For Privacy Tracker, Covington & Burling’s Zhijing Yu and Vicky Liu looked at the five key issues brought forth by comments on China’s draft Personal Information Protection Law and how they may shed more light on the road ahead for China’s privacy law.
More

Morrison & Foerster’s Lokke Moerel and Ronan Tigner explored the importance of the Court of Justice of the European Union advocate general’s one-stop-shop opinion and clarify some misconceptions for Privacy Perspectives.
More

Also for Privacy Perspectives, Morrison & Foerster Partner Alja Poler de Zwart wrote guidance from the U.K. Information Commissioner’s Office and the Netherlands’ Autoriteit Persoonsgegevens limiting the response period for data subject requests “imposes unreasonable burdens on organizations in the midst of a large security breach.”
More

ENFORCEMENT

The Office of the Privacy Commissioner of Canada is weighing whether to launch an investigation into privacy violations by MindGeek, The Toronto Star reports.
More

The European Commission published a proposal to amend the Data Protection Law Enforcement Directive to align with data protection rules.
More

Norway’s data protection authority, Datatilsynet, issued a pair of NOK 400,000 fines for GDPR violations to Coop Finmark and an unnamed company.
More

U.S. President Joe Biden named Rebecca Kelly Slaughter, who has been outspoken against the abuse of consumer data, as the acting chair of the U.S. Federal Trade Commission. Biden also designated Jessica Rosenworcel as acting chair of the Federal Communications Commission. 
More

ASIA-PACIFIC

In its submission to the Australian attorney general as part of its review of the Privacy Act 1988, the Office of the Australian Information Commissioner called for enhanced regulatory powers via amendments, ZDNet reports.
More

The Hindu reports petitions to review India’s Aadhaar identification system were rejected by the Supreme Court, upholding Parliament’s passage of the law establishing the system.
More

EUROPE

The German Federal Government passed a draft law adapting the country’s information technology laws, according to Covington & Burling’s Inside Privacy blog.
More

LATIN AMERICA

Approximately 55% of central government organizations have appointed data protection officers in compliance with Brazil’s General Data Protection Law, ZDNet reports.
More

US

The Center for Democracy and Technology is suing the U.S. Department of Homeland Security over allegations that two immigration agencies failed to respond to requests for records on data use, Gizmodo reports.
More

A new law enacted in Massachusetts prevents personal data from being accessed in warrantless searches, according to the Electronic Privacy Information Center.
More

Virginia and Oklahoma have become the latest U.S. states to propose privacy legislation, according to Husch Blackwell’s Data Privacy and Cybersecurity Legal Resource Byte Back.
More

The Washington State Senate Committee on Environment, Energy & Technology passed the latest iteration of the Washington Privacy Act.
More

GUIDANCE

Denmark’s data protection authority, Datatilsynet, highlighted areas of focus in 2021.
More

France's data protection authority, the Commission nationale de l'informatique et des libertés, Superior Audiovisual Council, Defender of Rights, and Hadopi have partnered to release an educational kit for digital citizens.
More

The French DPA also published a second opinion on the functioning of contact tracing and other systems used to combat the COVID-19 pandemic that process personal data.
More